Enabling user password masking – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 113

Brocade TurboIron 24X Series Configuration Guide
79
53-1003053-01
Setting up local user accounts
•
A password can now be set to expire.
Enabling enhanced user password combination requirements
When strict password enforcement is enabled on the device, you must enter a minimum of eight
characters containing the following combinations when you create an enable and a user password:
•
At least two upper case characters
•
At least two lower case characters
•
At least two numeric characters
•
At least two special characters
NOTE
Password minimum and combination requirements are strictly enforced.
Use the enable strict-password-enforcement command to enable the password security feature.
TurboIron(config)#enable strict-password-enforcement
Syntax: [no] enable strict-password-enforcement
This feature is disabled by default.
The following security upgrades apply to the enable strict-password-enforcement command:
•
Passwords must not share four or more concurrent characters with any other password
configured on the router. If the user tries to create a password with four or more concurrent
characters, the following error message will be returned.
Error - The substring
choose a different password.
For example, the previous password was Ma!i4aYa&, the user cannot use any of the following
as his or her new password:
•
Ma!imai$D because “Mail” were used consecutively in the previous password
•
&3B9aYa& because “aYa&” were used consecutively in the previous password
•
i4aYEv#8 because “i4aY“ were used consecutively in the previous password
•
If the user tries to configure a password that was previously used, the Local User Account
configuration will not be allowed and the following message will be displayed.
This password was used earlier for same or different user, please choose a
different password.
Enabling user password masking
By default, when you use the CLI to create a user password, the password displays on the console
as you type it. For enhanced security, you can configure the device to mask the password
characters entered at the CLI. When password masking is enabled, the CLI displays asterisks (*) on
the console instead of the actual password characters entered.
The following shows the default CLI behavior when configuring a username and password.
TurboIron(config)#username kelly password summertime
The following shows the CLI behavior when configuring a username and password when
password-masking is enabled.