UCF STIG Viewer Logo

The mobile operating system must obscure passwords on the devices display when they are entered on the device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33785 SRG-OS-000079-MOS-000053 SV-44210r1_rule Low
Description
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system shall not provide any information allowing an unauthorized user to compromise the authentication mechanism. Otherwise, someone nearby the user (a.k.a., "shoulder surfer") may be able to obtain the password through visual observation.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41303r2_chk )
Review the mobile operating system configuration for obscuring passwords on the device's display when entered on the device. If the mobile operating system does not obscure passwords during entry, this is a finding.
Fix Text (F-37684r1_fix)
Configure the mobile operating system to obscure passwords on the device's display when they are entered on the device.