Description
The information resource shall obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Applicability
-
The information resource owner, or designee, is responsible for ensuring that all requirements of this Control are satisfied.
Implementation
-
1
It is the responsibility of the information resource owner, or designee, to ensure measures are enacted to protect authentication information including, but not limited to:
-
1.1
Passwords are masked upon key entry; and
-
1.2
Failed login boxes do not indicate which part of the username/password combination is incorrect.
-
1.1