← Back to catalog
IA-6

Authentication Feedback

Identification and Authentication (IA)
Baselines
Low · IncludedModerate · IncludedHigh · Included
Description

Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

Discussion

Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it.

Implementation guidance

No content available.

CSF 2.0 crosswalk
PR.AA-01Identities and credentials for authorized users, services, and hardware are managed by the organizationProtect