We are changing the passcode requirements of NHS smartcards as part of a national update to the Care Identity Service for health and care staff. We are making this change as part of our preparation for rolling out a more advanced smartcard, the series 9.
The minimum security passcode length on all smartcards will change to 6-8 numbers only. We will no longer accept letters as part of your passcode.
Health and care professionals with a smartcard: your current passcode will continue to work. You do not need to change your passcode now.
You will only notice this change when the time comes to choose a new passcode, for example if your smartcard is locked.
The change will take affect from Wednesday 19 July 2023.
For health and care professionals with a smartcard, you will only notice this change when the time comes to change or reset your passcode.
Please ensure that the passcode you use is not easy to guess and contains 6-8 numbers only. Avoid using birthdays.
Remember that your passcode is the safety check that proves it is you using the card. All operations performed using that card are linked to you, so do not share the passcode with anyone.
If you have any queries about this change, please contact your local Registration Authority.
For registration authorities
You need to be aware of the new requirements to passcode in case staff approach you about the change.
If a user tries to set a passcode of fewer than 6 numbers, this will return an error message indicating that the passcode is too short.
Setting a new passcode with letters will also return an error.
Passcodes in Care Identity Management
The Care Identity Management smartcard passcode policy is still 4-8 characters.
This is out of step with the revised Care Identity Service application passcodes, which must be 6-8 numbers.
A future release of Care Identity Management will align the two services. This is expected by the end of September 2023.
