Information
Password hints are user-created text displayed when an incorrect password is entered for an account.
Rationale:
Password hints make it easier for unauthorized persons to gain access to systems, because the information the user provided to help remember the password is shown to anyone. This information could include the password itself or other details that might be readily discerned with basic knowledge of the end user.
Impact:
The user can set the hint to any value including the password itself or clues that allow trivial social engineering attacks.
Solution
Perform the following to implement the prescribed state:
Open System Preferences
Select Users & Groups
Select Login Options
Uncheck Show password hints
Alternatively:
Run the following command in Terminal:
sudo defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int 0
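To confirm the setting after remediation, the following added example (not part of the original benchmark text) reads RetriesUntilHint back and classifies the result. The function names are illustrative, and treating a missing key as not being in the prescribed state is an assumption.

```shell
#!/bin/sh
# Added example: audit the loginwindow RetriesUntilHint value set by the
# remediation command above. Function names are illustrative.
PLIST=/Library/Preferences/com.apple.loginwindow

# Classify the raw text returned by `defaults read` for RetriesUntilHint.
# Prints one of: compliant, noncompliant, unset, invalid
classify_hint_value() {
    value=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$value" in
        '')       echo unset ;;      # key absent: assumed not the prescribed state
        *[!0-9]*) echo invalid ;;    # anything other than a non-negative integer
        *)
            if [ "$value" -eq 0 ]; then
                echo compliant       # 0 is the prescribed state
            else
                echo noncompliant    # hint shown after this many failed attempts
            fi
            ;;
    esac
}

# Read the live value and report it. Returns 0 only when compliant,
# 2 when defaults(1) is unavailable (not a macOS host).
audit_password_hints() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "skipped: defaults(1) not found"
        return 2
    fi
    raw=$(defaults read "$PLIST" RetriesUntilHint 2>/dev/null) || raw=''
    state=$(classify_hint_value "$raw")
    echo "RetriesUntilHint=${raw:-<not set>} -> $state"
    [ "$state" = compliant ]
}

# Constructed sample values, so the classifier can be exercised on any host.
for sample in 0 3 '' abc; do
    printf '%-6s -> %s\n' "'$sample'" "$(classify_hint_value "$sample")"
done

# Live check only where defaults(1) exists.
if command -v defaults >/dev/null 2>&1; then
    audit_password_hints || echo "remediation needed"
fi
```

Run it as a user able to read the loginwindow preferences; any result other than compliant means the remediation command above still needs to be applied.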