Information
Apple has provided a new interface in macOS Monterey for managing passwords that mirrors the capability already available in iOS. Password management in macOS was previously available in both Safari Preferences and in Keychain Access. Apple is attempting to simplify password management for macOS and make the user experience more similar to iOS. Organizations are justifiably concerned about the risk of password managers, particularly as a possible backdoor to improved credential management regimes and greater use of multi-factor authentication (MFA).
Apple has posted additional information about this system preference:
Change Passwords preferences on Mac
A warning icon is shown next to a website for any of the following reasons:
- Easily guessed
- Appeared in a data leak
- Reused on another website
Organizations should restrict which passwords can be saved on user computers to limit the ability of attackers to steal organizational credentials. Limits on password storage must be evaluated based on both user risk and enterprise risk.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Graphical Method:
Perform the following steps to set Password system settings to your organization's settings:
- Open System Preferences
- Select Passwords
- Enter the user password
- Select the Detect compromised passwords setting to match your organization's settings
- Remove stored passwords that should not be saved.
Impact:
Organizations using passwords are constantly reported as having their password databases leaked to the Internet, so every password a user has should be unique. Locking down secure password management solutions so that they cannot be used pushes users to password reuse, sticky notes, or always-open text files with long lists of credentials.