Password setting

You can define the minimum length of user passwords. If a user enters a password that is shorter than the minimum length, the system rejects the password.

A password can be a combination of characters from the following types:

• Uppercase letters A to Z.

• Lowercase letters a to z.

• Digits 0 to 9.

• Special characters. For information about special characters, see the password-control composition command in Security Command Reference.

Depending on the system's security requirements, you can set the minimum number of character types a password must contain and the minimum number of characters for each type, as shown in Table 14.

In non-FIPS mode, all the combination levels are available for a password. In FIPS mode, only the level 4 combination is available for a password.

When a user sets or changes a password, the system checks if the password meets the combination requirement. If not, the operation fails.

A less complicated password such as a password containing the username or repeated characters is more likely to be cracked. For higher security, you can configure a password complexity checking policy to ensure that all user passwords are relatively complicated. With such a policy configured, when a user configures a password, the system checks the complexity of the password. If the password is complexity-incompliant, the configuration will fail.

You can apply the following password complexity requirements:

• A password cannot contain the username or the reverse of the username. For example, if the username is abc, a password such as abc982 or 2cba is not complex enough.

• A character or number cannot be included three or more times consecutively. For example, password a111 is not complex enough.