2.5.1 Ensure Users' Accounts Do Not Have a Password Hint

Information

Password hints help the user recall their passwords for various systems and/or accounts. In most cases, password hints are simple and closely related to the user's password.

Password hints that are closely related to the user's password are a security vulnerability, especially in the social media age. Unauthorized users are more likely to guess a user's password if there is a password hint. The password hint is very susceptible to social engineering attacks and information exposure on social media networks.

Solution

Run the following commands to list the local accounts that have a password hint set and then remove the hint from a user's account:

% /usr/bin/sudo /usr/bin/dscl . -list /Users hint
% /usr/bin/sudo /usr/bin/dscl . -delete /Users/<username> hint

Example:

% /usr/bin/sudo /usr/bin/dscl . -list /Users hint
% /usr/bin/sudo /usr/bin/dscl . -delete /Users/firstuser hint
% /usr/bin/sudo /usr/bin/dscl . -delete /Users/seconduser hint
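The following audit helper is an added example, not part of the CIS benchmark text: it reads the output of `dscl . -list /Users hint` (one line per account that has the attribute, username first), skips macOS service accounts whose names start with an underscore, and prints the remediation command for each remaining account instead of running it. The sample dscl output, the user names in it and the function names are constructed for illustration; on a host without dscl the script falls back to that sample.

```bash
#!/bin/bash
# Audit helper for CIS 2.5.1 (added example; assumes the dscl list output
# format "<username><whitespace><hint text>", one record per line).

# Read dscl output on stdin, print one non-compliant username per line.
# Service accounts (names beginning with "_") are excluded from the report.
hint_users() {
    awk 'NF >= 2 && $1 !~ /^_/ { print $1 }'
}

# Return the remediation command for one account as text (not executed here,
# so the auditor can review the list before changing anything).
remediation_cmd() {
    printf '/usr/bin/sudo /usr/bin/dscl . -delete /Users/%s hint\n' "$1"
}

# Constructed sample of `dscl . -list /Users hint` output, used only when
# dscl is not available (for example when testing off a Mac).
SAMPLE_OUTPUT='firstuser     my dogs name
_mbsetupuser  setup
seconduser    same as email
'

# Collect the accounts that still carry a hint, from dscl when present.
audit() {
    if command -v dscl >/dev/null 2>&1; then
        /usr/bin/dscl . -list /Users hint
    else
        printf '%s' "$SAMPLE_OUTPUT"
    fi | hint_users
}

# Report each finding together with the command that fixes it.
audit | while read -r user; do
    printf 'Non-compliant account: %s\n' "$user"
    remediation_cmd "$user"
done
```

Run it with no arguments; an empty report means no local account has a hint set.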

See Also

https://workbench.cisecurity.org/benchmarks/17466

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: b1ace018119491f2dc1cad27ffe2f274db3fc04b651f81305f0e0ea9d1e4646d