(L2) Ensure ‘AutoFill user names and passwords’ is ‘Disabled’

Details

Safari can utilize a user-level keychain for credential storage, and then access that information when revisiting websites on the same domain. By disabling this feature the user will be prompted to manually enter their credentials when they visit a website.

Rationale:

If this setting is enabled, users can have Safari store and retrieve passwords through the user-level Keychain and provide them automatically the next time they log in to a site. An intruder who has unrestricted access to your computer for even a minute can gain access to secure site areas.

Solution

Follow the steps below to set AutoFill user names and passwords to Disabled:

1. Click Safari.
2. Click Preferences.
3. Click Passwords.
4. Uncheck the AutoFill user names and passwords checkbox.

To configure the plist, follow the steps below:

1. Open the com.apple.Safari.plist.
2. Find the token AutoFillPasswords.
3. Ensure this token is immediately followed by

Default Value:
Enabled.
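
An audit check for the plist setting, added here as an example and not taken from the CIS benchmark or this page. It assumes the Disabled state is stored as a boolean false under AutoFillPasswords, and the sample plists and the ExampleOtherKey name are constructed for illustration.

```python
import plistlib

KEY = "AutoFillPasswords"  # token named in the plist steps above


def audit_autofill(plist_bytes: bytes) -> tuple[bool, str]:
    """Return (compliant, reason) for one com.apple.Safari.plist payload."""
    try:
        prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except Exception as exc:  # malformed or truncated file
        return False, f"unparseable plist: {exc.__class__.__name__}"
    if not isinstance(prefs, dict):
        return False, "top-level object is not a dictionary"
    if KEY not in prefs:
        # The page lists the default as Enabled, so an absent key fails.
        return False, "key absent, default (Enabled) applies"
    value = prefs[KEY]
    # Assumption: Disabled is stored as a boolean false.
    if value is False:
        return True, "AutoFill explicitly disabled"
    if value is True:
        return False, "AutoFill enabled"
    # For example the string "false" or the integer 0 written by a script.
    return False, f"unexpected type {type(value).__name__}"


# Constructed sample payloads, not captured from a real system.
SAMPLES = {
    "hardened": plistlib.dumps({KEY: False}),
    "enabled": plistlib.dumps({KEY: True}),
    "unset": plistlib.dumps({"ExampleOtherKey": "value"}),
    "wrong_type": plistlib.dumps({KEY: "false"}),
    "binary_hardened": plistlib.dumps({KEY: False}, fmt=plistlib.FMT_BINARY),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        ok, why = audit_autofill(blob)
        print(f"{name:16} {'PASS' if ok else 'FAIL'}  {why}")
```

Treating an absent key as a failure matters for fleet audits: a profile that was never applied looks the same as one that leaves the default in place.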

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022