Password Requirements

The TOE enforces minimum password length and allows passwords from a set of upper-case, lower-case, numeral and special characters.

In addition to the these settings, additional OPTIONAL restrictions can be imposed by calling the command enable strict-password-enforcement.

device(config)# enable strict-password-enforcement

If enable strict-password-enforcement is executed and a user logs in and attempts to change their own user password, the following prompt is displayed:

Enter old password

After validating the old password, the following prompt is displayed:

Enter new password

These are the additional restrictions when strict-password-enforcement is in force:

The minimum password must be at least eight (8) and up to forty eight (48) characters to be CC compliant. The TOE requires that password should have:

• Must consist of characters from three or more chararacter classes, uppercase, lowercase, numeric, special characters (!, @, #, $, %, ^, &, *, (, and ) are valid.).
• Must not begin with the only uppercase character in the password. (Strict password enforcement only)
• Must not end with the only numeric character in the password. (Strict password enforcement only)

The administrator can set the minimum password length with the following command and ensure that this length must be at least eight and a maximum of forty eight:

device# enable password-min-length <length>