![]() Review the application documentation and interview the application administrator to identify if the application uses passwords for user authentication. ![]() If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.Īpplication Security and Development Security Technical Implementation Guide To meet password policy requirements, passwords need to be changed at specific policy-based intervals. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. When the application is publicly available and or hosting publicly releasable data requiring some degree of need-to-know protection. When an application user has been officially designated as a Temporary Exception User one who is temporarily unable to present a CAC for some reason (lost, damaged, not yet issued, broken card reader) and to satisfy urgent organizational needs must be temporarily permitted to use user ID/password authentication until the problem with CAC use has been remedied. When the application user base does not have a CAC and is not a current DoD employee, member of the military, or a DoD contractor. Use of passwords for application authentication is intended only for limited situations and should not be used as a replacement for two-factor CAC-enabled authentication.Įxamples of situations where a user ID and password might be used include but are not limited to:
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |