Description
Is your feature request related to a problem? Please describe.
Using passphrases is great, but without being able to see what you've typed it can be painful. NIST & CIS recommend enabling Password Reveal now instead of their previous recommendation of disabling.
Describe the solution you'd like
WINDOWS/IntuneManagement/SettingsCatalog/Win - OIB - SC - Device Security - D - Login and Lock Screen - v3.1.json - Should have line 161 edited from "device_vendor_msft_policy_config_credentialsui_disablepasswordreveal_1" to "device_vendor_msft_policy_config_credentialsui_disablepasswordreveal_0"
Describe alternatives you've considered
N/A - I did start making a pull request but docs say make an issue instead. Hopefully this is right
Additional context
NIST - SP800-63B - https://pages.nist.gov/800-63-3/sp800-63b.html#:~:text=Offer%20the%20option,with%20user%20needs.
Offer the option to display text during entry, as masked text entry is error-prone. Once a given character is displayed long enough for the user to see, it can be hidden. Consider the device when determining masking delay time, as it takes longer to enter memorized secrets on mobile devices (e.g., tablets and smartphones) than on traditional desktop computers. Ensure masking delay durations are consistent with user needs.
Tenable - https://www.tenable.com/audits/items/CIS_IE11_v1.0.0.audit:8c718ba1b665aa4a89e70cbf9d393219
This is a useful feature when entering a long and complex password, especially when using a touchscreen. The potential risk is that someone else may see your password while surreptitiously observing your screen.
CIS - https://www.cisecurity.org/insights/blog/cis-password-policy-guide-passphrases-monitoring-and-more
5.2.2.2 On Password Use
Allowing a user to briefly see what they are typing in a password field reduces entry errors. The system should optionally permit the user’s device to display individual entered characters for a short time after they type each character to verify correct entry (then replaced with an asterisk or dot). This can be particularly useful on mobile devices where the text fields are small and hard to see.
Recommendation summary (Password Display):
On creation: Allow display of entire password.
On entry: Allow temporary display of each character as entered.
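As an added illustration (not code from this issue or from the repository it targets), the script below audits a Settings Catalog export for the CredentialsUI password-reveal choice setting and rewrites the `_1` choice (reveal button hidden) to the `_0` choice the issue asks for. The export layout it assumes (a `settings` array of `settingInstance` objects carrying `settingDefinitionId` and `choiceSettingValue`) follows the Graph `deviceManagementConfigurationPolicy` shape; the sample policy and the second placeholder setting are constructed for the example.

```python
import json
from typing import Optional

# Setting definition named in the issue. The choice suffix encodes the CSP value:
#   "_1" = policy Enabled  -> DisablePasswordReveal = 1, reveal button hidden
#   "_0" = policy Disabled -> DisablePasswordReveal = 0, reveal button available
SETTING_ID = "device_vendor_msft_policy_config_credentialsui_disablepasswordreveal"
WANTED = SETTING_ID + "_0"

# Constructed sample in the assumed Graph export shape; not the real baseline file.
# The second entry is a placeholder setting that the audit must skip over.
SAMPLE_POLICY = json.dumps({
    "name": "Win - OIB - SC - Device Security - D - Login and Lock Screen - v3.1",
    "settings": [
        {"settingInstance": {
            "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
            "settingDefinitionId": SETTING_ID,
            "choiceSettingValue": {"value": SETTING_ID + "_1", "children": []}}},
        {"settingInstance": {
            "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
            "settingDefinitionId": "device_vendor_msft_policy_config_placeholder_other",
            "choiceSettingValue": {"value": "device_vendor_msft_policy_config_placeholder_other_1",
                                   "children": []}}},
    ],
})


def find_choice(policy: dict, definition_id: str) -> Optional[dict]:
    """Return the choiceSettingValue dict of a top-level choice setting, or None if absent."""
    for entry in policy.get("settings", []):
        inst = entry.get("settingInstance", {})
        if inst.get("settingDefinitionId") == definition_id:
            return inst.get("choiceSettingValue")
    return None


def audit_password_reveal(policy_json: str) -> str:
    """Classify an export as 'reveal-allowed', 'reveal-blocked' or 'not-configured'."""
    choice = find_choice(json.loads(policy_json), SETTING_ID)
    if choice is None:
        return "not-configured"
    return "reveal-allowed" if choice.get("value") == WANTED else "reveal-blocked"


def fix_password_reveal(policy_json: str) -> str:
    """Return the export with the setting switched to the '_0' choice the issue requests."""
    policy = json.loads(policy_json)
    choice = find_choice(policy, SETTING_ID)
    if choice is None:
        raise ValueError(f"{SETTING_ID} is not present in this policy")
    choice["value"] = WANTED
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(audit_password_reveal(SAMPLE_POLICY))                       # reveal-blocked
    print(audit_password_reveal(fix_password_reveal(SAMPLE_POLICY)))  # reveal-allowed
```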