FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link

Home > Online Help

> Chapter 2 - Getting Started > Basic Administration > Passwords

Passwords

Using secure passwords are vital for preventing unauthorized access to your FortiGate. When changing the password, consider the following to ensure better security:

  • Do not make passwords that are obvious, such as the company name, administrator names, or other obvious word or phrase.
  • Use numbers in place of letters, for example, passw0rd. Alternatively, spell words with extra letters, for example, password.
  • Administrator passwords can be up to 64 characters.
  • Include a mixture of letters, numbers, and upper and lower case.
  • Use multiple words together, or possibly even a sentence, for example keytothehighway.
  • Use a password generator.
  • Change the password regularly and always make the new password unique and not a variation of the existing password, such as changing from password to password1.
  • Write the password down and store it in a safe place away from the management computer, in case you forget it or ensure that at least two people know the password in the event that one person becomes ill, is away on vacation or leaves the company. Alternatively, have two different admin logins.

Password policy

The FortiGate includes the ability to create a password policy for administrators. With this policy, you can enforce regular changes and specific criteria for a password including:

  • minimum length between 8 and 64 characters.
  • if the password must contain uppercase (A, B, C) and/or lowercase (a, b, c) characters.
  • if the password must contain numbers (1, 2, 3).
  • if the password must contain non-alphanumeric characters (!, @, #, $, %, ^, &, *, ().
  • where the password applies (admin or IPsec or both).
  • the duration of the password before a new one must be specified.
To create a password policy - GUI
  1. Go to System > Settings.
  2. Select Enable Password Policy and configure the settings as required.

 

If you add a password policy or change the requirements on an existing policy, the next time that administrator logs into the FortiGate, they are prompted to update their password to meet the new requirements before proceeding to log in.

For information about recovering a lost password and enhancements to the process, see: Resetting a lost Admin password on the Fortinet Cookbook site.

Lost Passwords

If an administrator password has been lost, refer to the SysAdmin Note on the Fortinet Cookbook site: Resetting a lost admin password.