Password strength policy

The following table lists configurable password policy parameters.

Table 1. Password policy parameters

Parameter

Description

admin-lockout

Enables lockout for admin role accounts.

character-restriction lower

Specifies the minimum number of lowercase alphabetic characters that must occur in the password. The maximum value must be less than or equal to the minimum length value. The default value is zero, which means there is no restriction of lowercase characters.

character-restriction upper

Specifies the minimum number of uppercase alphabetic characters that must occur in the password. The maximum value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of uppercase characters.

character-restriction numeric

Specifies the minimum number of numeric characters that must occur in the password. The maximum value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of numeric characters.

character-restriction special-char

Specifies the minimum number of punctuation characters that must occur in the password. All printable, non-alphanumeric punctuation characters except the colon(:), exclamation mark (!), and question mark (?) are allowed. The value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of punctuation characters.

Special characters, such as backslash (\) and question mark (?), are not counted as characters in a password unless the password is specified within quotes. For firmware download passwords, apostrophe (') cannot be used.

history

Specifies the number of old passwords against which a newly configured password is checked. The new password is discarded if it matches an old password. Range is from 0 through 10. The default is 0.

login-notify-duration

Specifies the duration in hours for which admin is notified of the number of last successful attempts. Use value 0 to disable the notification. Valid values range from is from 0 through 120. The default is 0.

min-length

Specifies the minimum length of the password. Passwords must be from 8 through 32 characters in length. The default value is 8. The total of the previous four parameters (lowercase, uppercase, digits, and punctuation) must be less than or equal to the Minimum Length value.

max-logins

Specifies the maximum number of log-in sessions allowed per local user. Range is from 0 through 10. The default is 0, representing an infinite number of log-ins.

max-retry

Specifies the number of failed password logins permitted before a user is locked out. The lockout threshold can range from 0 through 16. The default value is 0. When a password fails more than one of the strength attributes, an error is reported for only one of the attributes at a time.

repeat

Specifies the minimum number of consecutive repetitive characters in a newly configured password. The new password is discarded if it has consecutive repetitive characters (for example, aaa, xxx,1111). Configure 1 for disabling. The default is 1.

sequence

Specifies the minimum number of consecutive sequential characters both in forward and reverse direction (for example, abc, cba) in a newly configured password. The new password is discarded if it has consecutive sequential characters (for example, abc, xyz, fedc). Configure 1 for disabling. The default is 1.

Note

Note

Passwords have a maximum of 40 characters.