Information resource owners shall ensure the information system masks passphrase entry during the authentication process to protect the information from possible exploitation/use by unauthorized individuals and that failed login messages do not indicate which part of the username or passphrase combination is incorrect.
Lack of controls to obscure feedback of authentication information may expose the authentication information to possible exploitation.
The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
a. Passwords are masked upon keyed entry.
b. Failed login boxes do not indicate which part of the username/password combination is incorrect.
The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Obtain identification and authentication policy; procedures addressing authenticator feedback; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if the information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.