5.17 Authentication information

Allocate secure authentication info, verify user identity, transmit info securely, change default authentication info, keep records confidential, advise users to keep passwords confidential, select strong passwords, use unique passwords across services, use a password management system with strong enforcement and protection measures.