Information
Strong passwords are supported to prevent passwords from being cracked. When a password is set, password complexity is detected by default. If a password does not meet the policy, a warning is required. A strong password mode should be provided. The password verification mechanism is as follows:
a) The default password length shouldn't be below 8 characters.
b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4
c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password
d) Check either of the following words exist in configuration file:
- Encrypt none
- Authentication null
- Encrypted null
- Encryption null
- Security-protocol noauth
- Encrypted noauth
e) If 'strong-password max-length' not displayed in configuration, then pass this check.
If 'strong-password max-length' displayed in configuration, but max-length value below 10, or not both configuration 'username-related-chk inverse' and 'strong-password date-check enable' commands, then fail this check.
f) The validity period of an account can be configured.
Solution
It is recommended to set password to support check of simple passwords and weak passwords
ZXR10# configure terminal
ZXR10 (config)# system-user
ZXR10 (config-system-user)# strong-password same-consecutive 5