Password and Information Security Policies

Password Policy

Assigning of First Password to Citizen
The citizen receives the password envelope via PTT and the 5-digit numeric password in the envelope is defined as the first-use first-time password of the citizen. Citizens must use this password when they enter the e-Government Gateway for the first time.
Citizen can also be an active user in the system by logging in with an electronic signature (e-signature) or mobile signature (m-signature). In this case, there is no password assigned to it. At each entrance you have to use e-signature or m-signature. However, citizens can enter the system and create a password with e-signature or m-signature. They can use this password later.


Setting a New Password
The user, entering the system with the password in the password envelope, has to change this password. The new password rules to be set are as follows:

  1. The password must contain at least 8 characters.
  2. The password can not consist entirely of digits or letters.
  3. The password can not consist National ID or birthdate.
  4. The password must be different from the three last used passwords.

When the user logs in with e-signature or m-signature, the user can turn off the login with the password. You can do this in “ My Profile & Settings ” Then “ Password & Security Settings & rdquo;
When the login is successful with the password, the user can login to the system with the new password by taking a new password from PTT. 


Changing Password
It is recommended to change your password every 3 months because of security reasons. When the password used expires three months, the system gives the password change warning. However, the system also offers the option to continue with the password that the user is currently using. If the user wants to continue with the old password, the user can click on the link named as “ I want to continue with my old password ”


Incorrect Password Entry
If the user enters the password 3 times incorrectly, the system will generate a security picture (captcha). If the number of incorrect entries exceeds 10, the system makes user's password unusable for 1 hour. In other words, it blocks 1 hour and warns the user about the blocking time. The user can use the password again after the 1-hour blocking period expires.
If the user continues to log in incorrectly, the blocking time is doubled every 10 incorrect entry. For example, the blocking time in the first 10 incorrect entry is 1 hour, 2 hours in the next 10 lines, and 4 hours, 8 hours, 16 hours in the following 10 incorrect entry.


Forgetting Password
Users who have entered their mobile phone and e-mail information on e-Government Portal profile can renew forgotten or lost password. A new password can be generated by entering the confirmation code in the system as a text message for the mobile phone indicated in the profile.


Registering of Mobile Phone and Email and Verification
Steps for entering mobile phone and email information and verification are as follows:

  1.  Click https: //www.türkiye.gov.tr and log in to the system.
  2. Select the section & ldquo; My Contact Options & rdquo; in Profile.
  3. If your mobile phone and email are not registered, enter your mobile phone number and email address in the relevant fields and click “ Update ” button.
  4. On the next screen, fill in the ID and sequence number fields as appropriate, then click “Continue ” button.
  5. Click & ldquo; Verify Mobile Phone Now ” button located under Mobile phone information .
  6. Type the verification code from your mobile phone into the box and click " Verify My Phone Number " button.
  7. Click the button under “ My e-mail now & rdquo; button and type confirmation code for the email inbox and click the " Verify My e-mail " button.
  8. To change (update) your mobile phone and your e-mail information, enter your current mobile phone number and e-mail address after deleting the existing entry in the respective fields and click “ Update ” button. (The steps above are also required to update the information.)

In the system, up to three users of the same mobile phone number are allowed to be registered in the profile. If the fourth user wants to identify the same mobile number on their profile, the system will warn “ Your entered number 90 ********** has been added to the system by another user. Please enter another mobile phone number. The user may increase the security by adding a confirmation code. In this case, the confirmation code for the mobile phone and the confirmation code for the e-mail address will be different from each other.
The user can set the password renewal method as follows to increase the security.

  1. Click Password & Security Settings in the profile field.
  2. Select one of the following options and click Update Settings button.
    1. Only by receiving the new password envelope from the PTT branches (Users marking this option can get a new password from PTT
    2. By entering the code on my mobile phone and my email address (Users who have marked this option will be able to set a new password by entering future codes in their mobile phones and emails they have defined in my Options & Settings in “ My Profile & My Settings ”
    3. By entering the code on the mobile phone (Users who select this option will be able to set a new password by entering the code for their mobile phone they have defined in the "My Options" section in &ldquo My Profile & Settings ”
  3. Enter the serial number and sequence number of the identity card on the Information Change Confirmation page and click to ” Continue ” button.

Timeout
If there is no process on the page for 15 minutes after login, the session will time-out for security and you need to login again to complete the transaction.

Our Information Security Policy

e-Government Gateway is a secure entrance gate for access to public services. e-Government Gateway aims of information security; the protection of privacy and confidentiality, the continuity of business continuity and performance, the protection of privacy and confidentiality. To ensure that the activities carried out for this purpose are carried out effectively, correctly and safely.

This document is designed to give information about the security of information and to explain the responsibility of the people who use the e-Government Gateway and the e-Government Gateway within the scope of Information Security Policy. Within this scope, there is Information Security Unit within TÜRKSAT in order to determine and implement TÜRKSAT information security policy.

Responsibilities:

  1. The security of e-Government Gateway is provided in ISO / IEC 27001 Information Security Management System standards.
  2. Within the e-Government Gateway, all information is classified and the necessary controls are applied to ensure the confidentiality, integrity and accessibility of confidential and sensitive information according to this classification.
  3. e-Devlet Kapısı’na ait bilgilere erişim yetkilendirme dâhilinde uygun şekilde kontrol edilmekte, e-Devlet Kapısı tarafından belirlenmiş esaslara göre sağlanmakta ve e-Devlet Kapısı’na ait bilgiler yetkisiz erişim girişimlerine karşı korunmaktadır.
  4. All actual or suspected violations of information security are reported; nonconformities causing violations and their root causes are detected and precautions are taken to prevent their repeat.
  5. It is the user's responsibility to keep password secure after delivery of the first password.
  6. It is the user's responsibility to set a new secure password according to the e-Government Gateway password policy, to change and store the password when necessary.
  7. The e-Government Gateway password should not be shared with third parties.
  8. Users are responsible for the security of the password and personal information shared with third parties.
  9. The e-Government Gateway takes precautions to ensure the security of user information as long as the users do not share their personal information and passwords with third parties.
  10. e-Government Gateway does not keep user information in the system, it is taken by instant inquiry from related institutions. User information is not stored in e-Government Gateway systems.
  11. Services in e-Government Gateway, the personal information belonging to the users is presented to the user as it is received from this institution and within the records of the institution where the information is questioned. e-Government Gateway does not make any changes, corrections, updates in the information.
  12. Software in the e-Government Gateway is developed in accordance with secure software development applications and it is started to be used after the developed software is passed through the security tests. Existing systems and applications are subjected to security tests at least once a year.
  13. Business continuity management is implemented for information security in order to protect critical business processes from the effects of natural disasters and operational faults.
  14. Trainings are regularly provided to encourage e-Government Gateway employees to increase awareness of information security and contribute to the operation of the system.

Information Security

  1. Like all your passwords, set e-Government Gateway password not easy to guess and consisting of letters, numbers and symbols.
  2. Do not write your password and do not share it with anyone, including employees of the e-Government Gateway Portal.
  3. For secure use, type in www.turkiye.gov.tr yourself in the internet browser. Do not click on the links that come to you via e-mail, on other web pages or on search engines.
  4. Be sure you see the secure connection icon. Be sure the address starts with https: //. You can also reach the e-Government Gateway by typing https: //www.türkiye.gov.tr in the address line.
  5. e-Government Gateway Portal is available at www.turkiye.gov.tr and www.türkiye.gov.tr. Use these addresses to access e-Government Gateway services.
  6. Install the required security software on your computer and observe the update warnings of these software.
  7. Be sure that the required security software is installed on the computer you are using.
  8. Once you have logged in to e-Government Gateway, you can log out using the exit button when you are done.
  9. With the aim of ensuring data security within the e-Government Gate, all information sent and received is carried encrypted. A secure connection icon will appear on your browser as this indication. The shape and location of the secure connection icon may vary depending on the browser and operating system you are using.
This page is updated on