Summary

Recommendation ITU-T X.1282 analyses security risks of password-related online attacks in service systems and provides security measures to mitigate security threats and challenges.

Based on the features of password-related online attacks, the security measures include the completely automated public Turing test to tell computers and humans apart (CAPTCHA), multi-factor certification, session control, log audit, security design of the registration interface, security design of the password retrieval interface, security design of the login interface, security policy of the login password, anomaly pattern analysis, data analysis, policy optimization, hierarchical services, risk early warning, user reminders and other related technical requirements.

Recommendation ITU-T X.1282 provides security risk analysis and security considerations for mitigating password-related security risks in each phase of the service life cycle, so that business application and security requirements advance together and a balanced approach is maintained throughout the life cycle of service systems. It provides a baseline for all service systems that use password login mechanisms, and additional filters for critical applications.