Amer Networks E5Web GUI User Manual
Page 521

Method A may require a special piece of equipment such as a biometric reader. Another problem
with A is that the special attribute often cannot be replaced if it is lost.
Methods B and C are therefore the most common means of identification in network security.
However, these have drawbacks: keys might be intercepted, passcards might be stolen,
passwords might be guessable, or people may simply be bad at keeping a secret. Methods B and
C are therefore sometimes combined, for example in a passcard that requires a password or
pincode for use.
Making Use of Username/Password Combinations
This chapter deals specifically with user authentication performed with username/password
combinations that are manually entered by a user attempting to gain access to resources. Access
to the external public Internet through a Clavister Security Gateway by internal clients using the
HTTP protocol is an example of this.
In using this approach, username/password pairs are often the subject of attacks using
guesswork or systematic automated attempts. To counter this, any password should be carefully
chosen. Ideally it should:
•
Be more than 8 characters with no repeats.
•
Use random character sequences not commonly found in phrases.
•
Contain both lower and upper case alphabetic characters.
•
Contain both digits and special characters.
To remain secure, passwords should also:
•
Not be recorded anywhere in written form.
•
Never be revealed to anyone else.
•
Changed on a regular basis such as every three months.
Chapter 8: User Authentication
521