2.5.1 Ensure Users' Accounts Do Not Have a Password Hint

Information

Password hints help the user recall their passwords for various systems and/or accounts. In most cases, password hints are simple and closely related to the user's password.

Password hints that are closely related to the user's password are a security vulnerability, especially in the social media age. Unauthorized users are more likely to guess a user's password if there is a password hint. The password hint is very susceptible to social engineering attacks and information exposure on social media networks.

Solution

Run the following command to remove a user's password hint:

% /usr/bin/sudo /usr/bin/dscl . -list /Users hint . -delete /Users/<username> hint

example

:

% /usr/bin/sudo /usr/bin/dscl . -list /Users hint . -delete /Users/firstuser hint

% /usr/bin/sudo /usr/bin/dscl . -list /Users hint . -delete /Users/seconduser hint

See Also

https://workbench.cisecurity.org/benchmarks/17465

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: a2fea0753ddce0b4050a4ab3db7131a19004e45964fa449b8d24039abaa93957