Log-on IDs and passwords

Features of passwords:
A password should be easy for the user to remember but difficult for a perpetrator to guess.
Initial passwords may be allocated by the security administrator or generated by the system itself. When the user logs on for the first time, the system should force a password change to improve confidentiality.
If the wrong password is entered a predefined number of times, typically three, the log-on ID should be automatically deactivated, either permanently or at least for a significant period of time.
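
One way an assessor could test the lockout control described above is to replay authentication events and flag any log-on accepted while the ID should have been deactivated. This is an added example, not code from the handbook; the event format, the 30-minute lockout period, the UNLOCK event and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 3                 # "typically three" in the text above
LOCKOUT = timedelta(minutes=30)  # assumed "significant period"; None = permanent

# Constructed sample events in a hypothetical (timestamp, log-on ID, event) format.
EVENTS = [
    ("2024-01-01T09:00:00", "alice", "FAIL"),
    ("2024-01-01T09:00:10", "alice", "FAIL"),
    ("2024-01-01T09:00:20", "alice", "FAIL"),
    ("2024-01-01T09:01:00", "alice", "OK"),      # control failed: ID still usable
    ("2024-01-01T09:30:00", "bob", "FAIL"),
    ("2024-01-01T09:30:10", "bob", "FAIL"),
    ("2024-01-01T09:30:20", "bob", "OK"),        # under threshold, counter resets
    ("2024-01-01T09:40:00", "bob", "FAIL"),
    ("2024-01-01T10:00:00", "carol", "FAIL"),
    ("2024-01-01T10:00:10", "carol", "FAIL"),
    ("2024-01-01T10:00:20", "carol", "FAIL"),
    ("2024-01-01T10:05:00", "carol", "UNLOCK"),  # administrator reactivates the ID
    ("2024-01-01T10:06:00", "carol", "OK"),
    ("2024-01-01T11:00:00", "dave", "FAIL"),
    ("2024-01-01T11:00:10", "dave", "FAIL"),
    ("2024-01-01T11:00:20", "dave", "FAIL"),
    ("2024-01-01T11:45:00", "dave", "OK"),       # after the timed lockout expired
]

def audit_lockout(events, max_failures=MAX_FAILURES, lockout=LOCKOUT):
    """Return (timestamp, id) for each log-on accepted while the ID should be deactivated."""
    failures, locked_at, findings = {}, {}, []
    for ts, user, event in sorted(events):
        now = datetime.fromisoformat(ts)
        if event == "UNLOCK":
            failures[user] = 0
            locked_at.pop(user, None)
            continue
        if user in locked_at:
            if lockout is not None and now - locked_at[user] >= lockout:
                del locked_at[user]          # timed deactivation has elapsed
                failures[user] = 0
            else:
                if event == "OK":
                    findings.append((ts, user))
                continue                     # attempts during lockout do not count
        if event == "OK":
            failures[user] = 0
        elif event == "FAIL":
            failures[user] = failures.get(user, 0) + 1
            if failures[user] >= max_failures:
                locked_at[user] = now
    return findings
```

Passing lockout=None models permanent deactivation, in which case only an administrator UNLOCK makes a later successful log-on acceptable.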

Token Devices, One-Time Passwords

A two-factor authentication technique, such as a microprocessor-controlled smart card, generates one-time passwords that are good for only one log-on session. Users ...
