2.13.1 Audit Passwords System Preference Setting


Apple has provided a new interface in macOS Monterey for managing passwords that mirrors the capability already available in iOS. Password management in macOS was previously available in both Safari Preferences and Keychain Access. Apple is attempting to simplify password management for macOS and make the user experience more similar to iOS. Organizations are justifiably concerned about the risk of password managers, particularly as a possible backdoor to improved credential management regimes and greater use of multi-factor authentication (MFA).

Apple has posted additional information on this system preference:

Change Passwords preferences on Mac

A warning icon is shown next to a website for any of the following reasons:

Easily guessed

Appeared in a data leak

Reused on another website


Organizations should remove passwords that should not be saved on user computers, thus limiting the ability of attackers to steal organizational credentials. Limits on password storage must be evaluated based on both user risk and enterprise risk.


Organizations using passwords are constantly reported as having their password databases leaked to the Internet, so every password a user has should be unique. Locking down secure password management solutions so that they cannot be used pushes users to password reuse, sticky notes, or always-open text files with long lists of credentials.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Graphical Method:
Perform the following steps to set Password system settings to your organization's settings:

Open System Settings

Select Passwords

Enter the user's password

Select Security Recommendations

Remove stored passwords that should not be saved.


Item Details


References: 800-53|AC-2(1), 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: fcce2e53d8587509b31b497fd8a3088fb89a7cbfbbb6adaf36f5c05829cecdb2