IA-6 Authenticator Feedback

Description

The information resource shall obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Applicability

• The information resource owner, or designee, is responsible for ensuring that all requirements of this Control are satisfied.

Implementation

• 1 - It is the responsibility of the information resource owner, or designee, to ensure measures are enacted to protect authentication information including, but not limited to:

  • 1.1 - Passwords are masked upon key entry; and
  • 1.2 - Failed login boxes do not indicate which part of the username/password combination is incorrect.