Configuring password minimum requirement policy
Best practices dictate that passwords include:
• one or more uppercase characters
• one or more lower care characters
• one or more of the numerals
• one or more non alphanumeric characters, such as punctuation marks.
The minimum number of each of these types of characters can be set in both the web-based manager and the CLI.
The following procedures show how to force administrator passwords to contain at least two uppercase, four lower care, two digits, and one non-alphanumeric characters. Leave the minimum length at the default of eight characters.
To change administrator password minimum requirements - web-based manager
1. Go to System > Admin > Settings.
2. Select Enable Password Policy.
3. Select Must Contain.
4. Enter the following information:
uppercase Letters | 2 |
lower case Letters | 4 |
Numerical Digits | 2 |
Non-alphanumeric Letters | 1 |
5. Under Apply Password Policy to, select Admin Password.
6. Select Apply.
To change administrator password minimum requirements - CLI
config system password-policy
set status enable
set apply-to admin-password
set min-upper-case-letter 2
set min-lower-case-letter 4
set min-number 2
set min-non-alphanumeric 1
set change-4-characters enable
end
The change-4-characters option forces new passwords to change a minimum of four characters in the old password. Changing fewer characters results in the new password being rejected. This option is only available in the CLI.