The application program can include optional access security
subfields. If security subfields are included:
- If a user ID field is present, a password field must be present,
or the already-verified indicator (byte 4, bit 0) or the persistent
verification signed-on indicator (byte 4, bit 1) must be set.
- If a profile subfield is present, a user identifier subfield also
must be present.
- If a password subfield is present, a user identifier subfield
also must be present.