Information
Apple has provided a new interface in macOS Monterey for managing passwords that mirrors the capability already available in iOS. Password management in macOS was previously available in both Safari Preferences and Keychain Access. Apple is attempting to simplify password management for macOS and make the user experience more similar to iOS. Organizations are justifiably concerned about the risk of password managers, particularly as a possible backdoor around improved credential management regimes and greater use of Multi-Factor Authentication (MFA).
Apple has posted additional information on this system preference:
Change Passwords preferences on Mac
A warning icon is shown next to a website for any of the following reasons:
Easily guessed
Appeared in a data leak
Reused on another website
Rationale:
Organizations should limit which passwords can be saved on user computers and the ability of attackers to potentially steal organizational credentials. Limits on password storage must be evaluated based on both user risk and Enterprise risk.
Impact:
Organizations using passwords are constantly reported as having their password databases leaked to the Internet, so every password a user has should be unique. Locking down secure password management solutions so that they cannot be used pushes users to password reuse, sticky notes, or always-open text files with long lists of credentials.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Graphical Method:
Perform the following steps to set Password system settings to your organization's settings:
Open System Settings
Select Passwords
Enter the user's password
Select Security Recommendations
Remove stored passwords that should not be saved.