| (I) A secret data value, usually a character string, that is used
as authentication information. (See: challenge-response.)
(C) A password is usually matched with a user identifier that is
explicitly presented in the authentication process, but in some
cases the identity may be implicit.
(C) Using a password as authentication information assumes that
the password is known only by the system entity whose identity is
being authenticated. Therefore, in a network environment where
wiretapping is possible, simple authentication that relies on
transmission of static (i.e., repetitively used) passwords as
cleartext is inadequate. (See: one-time password, strong
authentication.)
|
