Amer Networks E5Web GUI User Manual

Method A may require a special piece of equipment such as a biometric reader. Another problem
with A is that the special attribute often cannot be replaced if it is lost.

Methods B and C are therefore the most common means of identification in network security.
However, these have drawbacks: keys might be intercepted, passcards might be stolen,
passwords might be guessable, or people may simply be bad at keeping a secret. Methods B and
C are therefore sometimes combined, for example in a passcard that requires a password or
pincode for use.

Making Use of Username/Password Combinations

This chapter deals specifically with user authentication performed with username/password
combinations that are manually entered by a user attempting to gain access to resources. Access
to the external public Internet through a Clavister Security Gateway by internal clients using the
HTTP protocol is an example of this.

In using this approach, username/password pairs are often the subject of attacks using
guesswork or systematic automated attempts. To counter this, any password should be carefully
chosen. Ideally it should:

•

Be more than 8 characters with no repeats.

•

Use random character sequences not commonly found in phrases.

•

Contain both lower and upper case alphabetic characters.

•

Contain both digits and special characters.

To remain secure, passwords should also:

•

Not be recorded anywhere in written form.

•

Never be revealed to anyone else.

•

Changed on a regular basis such as every three months.

Chapter 8: User Authentication

521