Consider the following to help ensure security for SecureLogin:
Use the AES (Advanced encryption standard) or Triple DES (Data Encryption Standard) for the encryption of SecureLogin data.
Back up SecureLogin data and directory data by using encryption and password protection.
Use AAVerify to provide additional advanced authentication to single sign-on applications with NMAS methods or other AA methods such as NetIQ Advanced Authentication Framework.
Implement smart cards, storing application credentials on cards and the encryption of the data store using PKI credentials.
Protect the SecureLogin desktop shortcut with a password so that others cannot view SecureLogin data.
Prevent certain SecureLogin settings and options from being visible or modifiable by others.
Use a universal password for increased security by providing additional layers of policies.
Require SecureLDAP when using LDAP to authenticate to SecureLogin.
Use Novell SecretStore to provide additional security to SecureLogin data stored on eDirectory.
Use AA methods such as OTP and NMAS to provide advanced authentication, such as fingerprint, and token-based authentication.
Store SecureLogin credentials in a PIN-protected smart card, which provides a secure, portable, and efficient single sign-on solution.
Keep the local cache files in a user profile directory so that only the corresponding Windows user can access them.
Enable a passphrase to provide additional security to SecureLogin user data.
Ensure strict password policies for SecureLogin users and for all single sign-on logins. Randomization of passwords and hiding them from end users is also essential.
Use auditing features such as NetIQ Sentinel, SNMP alerts and Windows event logs to capture SecureLogin activity wherever applicable.
When you are using LDAP with NMAS, the SecureLogin universal password must be enabled.