AU

APP022: Secure Authentication Protocol

Does the application use an EATDS approved authentication protocol?

Guidance: A secure mutual authentication protocol with a proper key management scheme to encrypt credentials (e.g., passwords) should be used. Examples include Kerberos, SSL/TLS, or SSHv2. One-time or dynamic passwords can be sent in the clear over the network without encryption. Proprietary authentication protocols should be reviewed by SMEs to ensure they are sound. When no other secure authentication protocol can be implemented, IPSec can be considered as a last resort to protect credentials in transit. However, its applicability should be assessed to ensure it is implementable on the target platforms.

When static passwords are used for authentication, an authentication protocol that does not encrypt the static passwords is not acceptable.

Replies
  • JE

    QuickView supports Windows Integrated Authentication. See the Authentication Type section in the Security Policy page. When using this option, the authentication process is delegated to Windows. The Windows Authentication service uses the Kerberos protocol. When using Windows Integrated Authentication, the logon page looks like this:

Ticket ID: T-00008

Created: January 21, 2021 05:40 PM

Product: QuickView