Passphrases are an important security component in the implementation of Novell® SecureLogin. Passphrases are unique question and answer combinations created to verify and authenticate the individual. In a directory environment, you can create passphrase questions so that users select one and provide an answer for it. You can also permit users to select or provide their own questions and answers.
Passphrases protect user credentials from unauthorized use. For example, in a Microsoft Active Directory* environment, you can potentially log in to the network as a user by resetting that user’s network password.
However, this cannot happen if you are using Novell SecureLogin. If someone other than the actual user tries to reset the network password, Novell SecureLogin triggers the passphrase question. The user must provide the correct answer before successfully logging in. Even an administrator cannot access the user’s single sign-on-enabled applications without knowing the user’s passphrase answer.
When Novell SecureLogin is launched for the first time on the user’s workstation, the Passphrase Setup dialog box is displayed.
Figure 4-1 Passphrase Setup Dialog Box
Passphrases are used to authenticate when:
A user is working either remotely or offline in an eDirectory or non-Microsoft Active Directory LDAP environment.
Someone other than the user has reset the actual user’s network password.
Some of the benefits of using passphrases include:
An individual cannot access a user’s credentials by resetting the network password.
Passphrases can be used in conjunction with SecureLogin Self-Service Password Reset, which enables users to reset their network password after answering the passphrase question.
You can use this functionality to disable access to user credentials if the computer is stolen.
NOTE: You can disable the passphrase security system, but doing so also removes the features mentioned in the preceding section.