Passwords can be changed using the FIX session Login messages and the following will apply:
•Passwords used for session authentication must be changed on a periodic basis as they have a limited lifetime. Passwords can be changed programmatically using the Logon message only at session establishment and only while they are valid. Passwords cannot be changed programmatically after they have expired. If the password has expired or cannot be changed programmatically due to limitations of the Participant’s FIX implementation then they must be changed manually by Business or Technical Operations.
•To change the FIX session password at logon time both the current password and the new password must be included in the FIX Logon message. In addition, the SenderCompID (49) , username (553) and the current password must be valid otherwise authentication will fail.
•The current password is sent using the Password (554) field in the Logon message.
•Providing the SenderCompID, username (553) and current password are valid, the new password is checked against the password policy for compliance. If the new password complies, it is updated in the database and becomes the password to be used for the next session logon. If the new password does not comply with the password policy then an error status and message is returned in the Logon confirm message. However, regardless of whether the new password complies or not with the password policy the FIX session will be established if the SenderCompID, username (553) and existing password are still valid.
•In the case where the session password has expired, marketplace operations must be contacted to provide a new password which must be changed at first logon.