The logon process and procedures for user identification should be as simple as possible, consistent with protecting the system and associated data.
Additional Information:
The logon process should provide prompts for all user entries, including passwords and/or whatever other data are required to confirm user identity and to authorize access to the system. Authentication of user identity is generally not enhanced by requiring a user to enter routine data such as terminal, telephone, office, or project numbers. In most organizations, those data can readily be obtained by other people. If verification of those data is needed, the user should be asked to review and confirm currently stored values in a supplementary procedure following logon.