Submitted by Anonymous (not verified) on
Section
1.1.4
Top Level
Identification and Authentication
Sub Level
1.1 Performing Authentication
General
Authentication credentials should always be encrypted (use SSL) while in transit, both externally and (if possible) internally.
Django
Make sure your login pages, or any URL that deals with credentials, are forced to use SSL. See 1.1.1 on how you can ensure this.
Natural Webagent
This is handled automatically when using EID authentication.