The system must be configured to not show password hints.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25305 | OSX00325 M6 | SV-37226r1_rule | IAAC-1 | High |
| Description |
|---|
| Providing information in the password hint field could compromise the integrity of the password. Showing password hint could allow someone shoulder surfing to gain information leading to unauthorized access to the system. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Details
| Check Text ( C-35916r1_chk ) |
|---|
| 1. Open System Preferences->Accounts Panel. 2. Select Login Options. 3. Ensure the "Show password hints" is not checked. If the option is checked, this is a finding. |
| Fix Text (F-31173r1_fix) |
|---|
| 1. Open System Preferences->Accounts Panel. 2. Select Login Options. 3. Deselect "Show password hints" to disable this option. |