Passphrases are an important security component in the implementation of SecureLogin. Passphrases are unique question and answer combinations created to verify and authenticate the identity of a user. In a directory environment, you can create passphrase questions for users. Users can select one of these questions and provide an answer for it. You can also permit users to provide a question of their choice and the answer for it.
Passphrases protect user credentials from unauthorized use. For example, in a Microsoft Active Directory environment, you can potentially log in to the network by resetting the user’s network password.
However, this cannot happen when you are using SecureLogin. If someone other than the actual users tries to reset the network password, SecureLogin triggers the passphrase question. The user must provide the correct answer before successfully logging in. Even an administrator cannot access the user’s single sign-on-enabled applications without knowing the user’s passphrase answer.
NOTE:In a Microsoft Windows Vista environment, when you log in to SecureLogin in an offline mode with an incorrect password, you are prompted to provide the passphrase answer. If an incorrect passphrase answer is specified, you are prompted to retry the authentication.
However, if you again provide a wrong password, instead of seeing a prompt for the passphrase answer, you are prompted to specify the password (that is, instead of the passphrase dialog box, the password dialog box is displayed).
Close and relaunch SecureLogin to be prompted for the password first, then prompted for the passphrase answer if the incorrect password is specified.