Within Identification and Authentication requirements of NIST SP 800-171, 3.5.11 (CMMC Practice IA.L2-3.5.11) requires the that feedback of authentication information be obscured. It might feel obvious that nearly all systems in the last 25+ years obscure password input, however strictly controlling the setting can prove to be beneficial.
Utilize the following GPO on Windows systems to disable the password reveal button.
Computer Configuration –> Windows Settings –> Administrative Templates –> Windows Components –> Credential User Interface –> Do not display the password reveal button –> Enabled
