An Authentication Credential is something such as a password, biometric identifier (for example, a fingerprint, iris scan, or voiceprint), certificate, security token or other confirmation of identity that is presented to verify that access to a resource is allowed.
Multifactor Authentication requires a user to provide more than one kind of Authentication Credential to be allowed access to a system. In general, this would be at least two of something you know (a password), something you hold (a secure token) and something you are (biometric identifier such as a fingerprint). Requiring at least two types of authentication provides protection if one credential is compromised.
Passwords or other authentication credentials must not be shared. Any misuse of Information Resources or unauthorized access to Restricted Information using shared passwords or other authentication credentials will be treated as misuse by the authentication credential owner. Passwords must not be kept in plain view, or stored in an easily accessible location. Authentication devices must be kept physically secure.
Mobile device users must not create passwords, passcodes or other authentication credentials on their devices that would allow access to Restricted Information by individuals (including, but not limited to, friends, family, students and co-workers) who have no business need to access the Restricted Information. For example, you must not configure fingerprint access on your smartphone for others if that could allow them access to Restricted Information on your smartphone unless the access is necessary for their job duties. Any unauthorized access to Restricted Information using credentials configured on a device will be the responsibility of the owner of the device.
If I want to ensure I am the only one who can access my smartphone or tablet because my device stores or has access to Restricted Information, how do I change the passcode, Touch ID fingerprint settings, or screen lock configuration?