5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled

Information

Secure Keyboard Entry prevents other applications on the system and/or network from detecting and recording what is typed into Terminal. Unauthorized applications and malicious code could intercept keystrokes entered in the Terminal.

Enabling Secure Keyboard Entry minimizes the risk of a key logger detecting what is entered in Terminal.

Solution

Run the following command to ensure keyboard entries are secure in Terminal for every user that is non-compliant:

% /usr/bin/sudo -u <username> /usr/bin/defaults write -app Terminal SecureKeyboardEntry -bool true

Impact:

Enabling this in Terminal would prevent an application that is otherwise validly intercepting keyboard input from intercepting that input in Terminal.app. This could impact productivity tools.

See Also

https://workbench.cisecurity.org/benchmarks/17466