T5.5.3 - P1 - USER CREDENTIALS MANAGEMENT SYSTEM
A management system for user credentials should:
- Enforce the use of individual user IDs and credentials to maintain accountability
- Allow users to select and change their own credentials and include a confirmation procedure to allow for input errors
- Enforce a choice of quality credentials
- Enforce credential changes
- Force users to change temporary credentials at the first log-on
- Maintain a record of previous user credentials and prevent re-use
- Not display credentials on the screen when being entered
- Store credential files separately from application system data
- Store and transmit credentials in protected (e.g. encrypted or hashed) form
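
The sketch below is an added example, not part of the original control text. It shows how several of the listed requirements can fit together in one store: hashed storage, forced change of temporary credentials at first log-on, a confirmation step, a minimum-quality check and re-use prevention. The class name, the return strings and the values `HISTORY_DEPTH` and `MIN_LENGTH` are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

HISTORY_DEPTH = 5   # assumed policy value, not taken from the control text
MIN_LENGTH = 12     # assumed policy value, not taken from the control text

def _hash(password, salt):
    # scrypt is a memory-hard KDF from the standard library; only salt + digest are kept
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class CredentialStore:
    """Hypothetical in-memory store; a real one keeps these records apart from application data."""

    def __init__(self):
        # user_id -> {"history": [(salt, digest), ...], "must_change": bool}
        self._users = {}

    @staticmethod
    def _record(password):
        salt = secrets.token_bytes(16)          # fresh salt per stored credential
        return salt, _hash(password, salt)

    @staticmethod
    def _matches(record, password):
        salt, digest = record
        return hmac.compare_digest(digest, _hash(password, salt))

    def issue_temporary(self, user_id):
        temp = secrets.token_urlsafe(12)        # random temporary credential
        self._users[user_id] = {"history": [self._record(temp)], "must_change": True}
        return temp

    def login(self, user_id, password):
        user = self._users.get(user_id)
        if user is None or not self._matches(user["history"][-1], password):
            return "denied"
        # Temporary credentials only grant access to the change procedure
        return "change_required" if user["must_change"] else "ok"

    def change(self, user_id, old, new, confirm):
        user = self._users.get(user_id)
        if user is None or not self._matches(user["history"][-1], old):
            return "denied"
        if new != confirm:                      # confirmation catches input errors
            return "confirmation_mismatch"
        if len(new) < MIN_LENGTH:               # stand-in for a fuller quality policy
            return "too_weak"
        if any(self._matches(r, new) for r in user["history"]):
            return "reused"                     # compared against stored hashes only
        user["history"] = (user["history"] + [self._record(new)])[-HISTORY_DEPTH:]
        user["must_change"] = False
        return "ok"
```

The history holds only salted digests, so re-use is detected by re-hashing the candidate against each stored salt rather than by keeping old credentials in readable form.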