7.4.5
LOGON IDS AND PASSWORDS
Logon IDs and passwords are the components of a user identification and authentication process where the authentication is based on something you know.
The computer can maintain an INTERNAL LIST OF LOGON IDs and a corresponding set of ACCESS RULES for each logon ID.
Logon IDs for groups?
Logon IDs should be restricted to provide individual, not group, identification.
If a group of users is to be formed for interchangeability, the system usually offers the ability to attach a logon ID to a named group with common rights.
Features of Passwords
Initial password
When the user logs on for the first time, the system should force a password change to improve confidentiality.
Initial password assignments should be randomly generated; e.g. giving an easily guessed password to a specified employee is risky, and a predictable pattern (such as the employee's name or ID) lets anyone who knows the pattern log on before the user does.
Communication
ID and password should be communicated in a controlled manner to ensure that only the appropriate user receives this information.
Login attempts
If the wrong password is entered a predefined number of times, the logon ID should be automatically locked out (temporarily or permanently).
Users who have forgotten their password must notify a security administrator, the only person with sufficient privileges to reset the password and/or unlock the logon ID.
The security administrator should reactivate the logon ID only after verifying the user's identity, e.g. through a challenge/response system, or by calling the user back on their registered extension.
Passwords should be HASHED (a one-way function, not reversible encryption) and STORED using a sufficiently strong algorithm: a per-user random salt and a deliberately slow password hash (e.g. bcrypt, scrypt, Argon2 or PBKDF2 with a high iteration count), so that a stolen password file cannot be reversed or cracked cheaply.
To reduce the risk of an intruder gaining access to other users’ logon IDs, passwords should not be displayed in any form
Passwords should not be kept on index or card files or written on pieces of paper taped somewhere near the computer or inside a person’s desk
Password management
Management is stronger if the system maintains a history of previously used passwords and prohibits their reuse for a period, such as no reuse of the last 12 passwords.
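The password-lifecycle controls listed above (randomly generated initial password with forced change, lockout after a fixed number of failed attempts, administrator unlock only after identity verification, salted one-way hashing, and a 12-deep reuse history) fit naturally in one small account store. The following is an added example written for these notes, not code from the CISA material or from any product; the account model, the PBKDF2 iteration count, the 16-byte salt layout and the thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import string
from dataclasses import dataclass, field

# Assumed parameters for the example; production systems should tune these
# (PBKDF2-HMAC-SHA256 iterations in the hundreds of thousands, or bcrypt/Argon2).
PBKDF2_ITERATIONS = 200_000
SALT_LEN = 16
HISTORY_DEPTH = 12          # "no reuse of the last 12 passwords"
MAX_FAILED_ATTEMPTS = 5     # lockout threshold (assumed value)


def generate_initial_password(length=16):
    """Random initial password from the OS CSPRNG; never derived from user data."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hash_password(password, salt=None):
    """Salted, slow one-way hash. Stored value is salt || digest."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    logon_id: str
    current_hash: bytes
    history: list = field(default_factory=list)  # previous hashes, oldest first
    must_change: bool = True                      # forced change on first logon
    failed_attempts: int = 0
    locked: bool = False


def create_account(logon_id):
    """Create the account with a random initial password; returns (account, password).
    The returned password is for one-time controlled delivery to the user only."""
    initial = generate_initial_password()
    return Account(logon_id, hash_password(initial)), initial


def login(acct, password):
    """Returns 'ok', 'must_change', 'denied' or 'locked'."""
    if acct.locked:
        return "locked"
    if verify_password(password, acct.current_hash):
        acct.failed_attempts = 0
        return "must_change" if acct.must_change else "ok"
    acct.failed_attempts += 1
    if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
        acct.locked = True          # automatic lockout after N wrong passwords
        return "locked"
    return "denied"


def change_password(acct, new_password):
    """Reject reuse of the current password or any of the last HISTORY_DEPTH."""
    for old in [acct.current_hash] + acct.history:
        if verify_password(new_password, old):
            return False
    acct.history.append(acct.current_hash)
    acct.history = acct.history[-HISTORY_DEPTH:]
    acct.current_hash = hash_password(new_password)
    acct.must_change = False
    return True


def admin_unlock(acct, identity_verified):
    """Only the administrator unlocks, and only after identity verification succeeded."""
    if not identity_verified:
        return False
    acct.locked = False
    acct.failed_attempts = 0
    return True
```

Two design points worth noting: reuse checking works on hashes only (the old plaintexts are never stored), which is why each historical entry keeps its own salt, and the unlock path takes the verification result as an explicit input so the caller cannot skip the challenge/response step by accident.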
Token Devices, One-time Passwords
In this two-factor authentication technique, the user is assigned a microprocessor-controlled smart card, USB key or mobile device application synchronized with a specific authentication device on the system.
This smart card/key/app is set to generate unique, time-dependent, pseudo-random strings.
The user must either physically read out and retype the string, or insert the smart card/USB key in a reader/USB slot, and then type in their own memorized password to gain access to the system.
The technique involves something you have (a device subject to theft) and something you know (a personal identification number).
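The "unique, time-dependent, pseudo-random strings" described above are, in most mobile-app tokens, time-based one-time passwords (TOTP, RFC 6238, built on HOTP, RFC 4226): device and server share a secret and both derive the code from the current 30-second time step. The block below is an added example written for these notes, not code from the CISA material or from any token vendor. The shared secret, time step, digit count and drift window are assumptions; the test vectors in the usage note come from RFC 4226/6238.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

TIME_STEP = 30   # seconds per code (RFC 6238 default)
DIGITS = 6


def provision_secret():
    """New random shared secret, base32-encoded as apps expect it during enrolment."""
    return base64.b32encode(os.urandom(20)).decode()


def secret_from_base32(encoded):
    return base64.b32decode(encoded)


def hotp(secret, counter, digits=DIGITS):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` decimals."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=TIME_STEP):
    """TOTP (RFC 6238): HOTP with the counter = floor(unix_time / step)."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step)


def verify_totp(secret, code, at=None, step=TIME_STEP, window=1, last_counter=-1):
    """Server-side check. Returns the matching counter, or None.

    `window` tolerates clock drift of +/- one step. Counters at or below
    `last_counter` (the last code accepted for this user) are rejected, so a
    captured code cannot be replayed within the same window."""
    if at is None:
        at = int(time.time())
    counter = at // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None
```

With the RFC 4226 test secret `b"12345678901234567890"`, `hotp(secret, 1)` is `287082`, which is also `totp(secret, at=59)` because 59 falls in time step 1; the verifier accepts that code at `at=89` (one step of drift) but refuses it once `last_counter=1` has been recorded, which is the replay guard a real token server needs in addition to the PIN/password the user also types.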