V2.3 — Authenticator Lifecycle
Authenticator Lifecycle: 3 L3 requirement(s).

- V2.3.1: Verify system-generated initial passwords or activation codes SHOULD be securely randomly generated, SHOULD be at least ...
- V2.3.2: Verify that enrollment and use of user-provided authentication devices are supported, such as U2F or FIDO tokens.
- V2.3.3: Verify that renewal instructions are sent with sufficient time to renew time-bound authenticators.

| Property | Value |
|---|---|
| Section | V2.3 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |

Source: OWASP Application Security Verification Standard 4.0.3