beautypg.com

Enabling user password masking – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 113

background image

Brocade TurboIron 24X Series Configuration Guide

79

53-1003053-01

Setting up local user accounts

A password can now be set to expire.

Enabling enhanced user password combination requirements

When strict password enforcement is enabled on the device, you must enter a minimum of eight
characters containing the following combinations when you create an enable and a user password:

At least two upper case characters

At least two lower case characters

At least two numeric characters

At least two special characters

NOTE

Password minimum and combination requirements are strictly enforced.

Use the enable strict-password-enforcement command to enable the password security feature.

TurboIron(config)#enable strict-password-enforcement

Syntax: [no] enable strict-password-enforcement

This feature is disabled by default.

The following security upgrades apply to the enable strict-password-enforcement command:

Passwords must not share four or more concurrent characters with any other password
configured on the router. If the user tries to create a password with four or more concurrent
characters, the following error message will be returned.

Error - The substring within the password has been used earlier, please

choose a different password.

For example, the previous password was Ma!i4aYa&, the user cannot use any of the following
as his or her new password:

Ma!imai$D because “Mail” were used consecutively in the previous password

&3B9aYa& because “aYa&” were used consecutively in the previous password

i4aYEv#8 because “i4aY“ were used consecutively in the previous password

If the user tries to configure a password that was previously used, the Local User Account
configuration will not be allowed and the following message will be displayed.

This password was used earlier for same or different user, please choose a

different password.

Enabling user password masking

By default, when you use the CLI to create a user password, the password displays on the console
as you type it. For enhanced security, you can configure the device to mask the password
characters entered at the CLI. When password masking is enabled, the CLI displays asterisks (*) on
the console instead of the actual password characters entered.

The following shows the default CLI behavior when configuring a username and password.

TurboIron(config)#username kelly password summertime

The following shows the CLI behavior when configuring a username and password when
password-masking is enabled.