Consider the following to help ensure security for Novell SecureLogin:
It is not recommended to use pcProx alone for authentication. Use pcProx in conjunction with other NMAS authentication methods for more security.
Use the AES encryption standard for the encryption of SecureLogin data.
Back up SecureLogin data and directory data by using encryption and password protection.
Use AAVerify to provide additional advanced authentication to single sign-on applications with NMAS methods.
Provide information to users about using a smart card, including details about how to store application credentials on the card, and how to encrypt the directory data store by using PKI-based credentials.
Protect the SecureLogin desktop shortcut with a password so that others cannot view SecureLogin data.
Prevent certain SecureLogin settings and options from being visible or modifiable by others.
Use a universal password for increased security by providing additional layers of policies.
Require SecureLDAP when using LDAP to authenticate to SecureLogin.
Use Novell SecretStore to provide additional security to SecureLogin data stored on eDirectory.
Use NMAS to provide advanced authentication, such as pcProx, fingerprint, and token-based authentication.
Store SecureLogin credentials in a PIN-protected smart card, which provides a secure, portable, and efficient single sign-on solution.
Keep the local cache files in a user profile directory so that only the corresponding Windows user can access them.
Enable a passphrase to provide additional security to SecureLogin user data.
Ensure strict password policies for SecureLogin users and for all single sign-on logins. Randomization of passwords and hiding them from end users is also essential.
Use auditing features like SNMP alerts and Windows event logs to capture SecureLogin activity wherever applicable.
When you are using LDAP with NMAS, the Novell SecureLogin universal password must be enabled.