Turn off picture password sign-inID: oval:org.secpod.oval:def:35011 | Date: (C)2016-06-10 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to control whether a domain user can sign in using a picture password.
If you enable this policy setting, a domain user can't set up or sign in with a picture password.
If you disable or don't configure this policy setting, a domain user can set up and use a picture password.
Note: that the user's domain password will be cached in the system vault when using this feature.
Counter Measure:
Enable and configure this setting if picture passwords are not desired.
Potential Impact:
Users will need to log on with a different credential provider.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Logon\Turn off picture password sign-in
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System!BlockDomainPicturePassword
Platform: |
Microsoft Windows 10 |