UCF STIG Viewer Logo

The touch keyboard or input panel must not highlight keys as passwords are entered.


Overview

Finding ID Version Rule ID IA Controls Severity
V-56421 WN08-CC-000147 SV-70679r1_rule ECSC-1 Low
Description
The touch keyboard or input panel may highlight keys as passwords are entered, providing visibility to nearby persons, and compromising them.
STIG Date
Windows 8 / 8.1 Security Technical Implementation Guide 2016-12-19

Details

Check Text ( C-56979r1_chk )
If the system does not have a touch screen, this is NA.
If the system has a touch screen and the following registry values do not exist or are not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry path: \SOFTWARE\Policies\Microsoft\TabletTip\1.7\

Value Name: PasswordSecurityState
Type: REG_DWORD
Value: 1

Value Name: PasswordSecurity
Type: REG_DWORD
Value: 4 or 5
(1, 2, or 3 are a finding)
Fix Text (F-61305r1_fix)
If the system does not have a touch screen, this is NA.
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Tablet PC -> Input Panel -> "Turn off password security in Input Panel" to at least "Enabled: Medium High".