Password Control Tab

Strong passwords provide greater security for appliance access by requiring more complicated passwords and imposing time constraints on them.

You can choose from several password controls to require of users. The more password controls you enable, the stronger the password security is on the appliance.

With strong passwords enabled, you can specify requirements for any or all of the following:

• Enable Password Control—Selecting this check box requires all user passwords to use strong passwords. This setting controls only the GUI passwords. Strong passwords for CLI accounts are controlled through the show strong_passwd command.
• Enforce Password Length Rules—The minimum and maximum number of characters required and allowed in a password (default is15). This is not strictly enforced if the length field is NULL.
• Enforce Password Character Rules—The minimum number of characters required in a password for different character types: uppercase letters, lowercase letters, digits, and non-alphanumeric characters (default and minimum for each = 1)
• Enforce Password Expiration Rules—The number of days after which a password expires (1 through 99999)
• Enforce Password Management Rules—The number (3 to 100) of a user’s previous passwords that a new password cannot match. Three previous passwords is the default value.
• Enforce Account Lockout Rules—The number of failed login attempts, after which the user’s account is locked, and the duration of the lockout time interval (default = 1440 minutes, i.e. 1 day)

  Locked out accounts are automatically available again after the time interval expires. To unlock an account sooner, reset this value to a low setting. The account is unlocked after this lower setting expires. After that time, reset this value back to its original higher setting.

When you enable strong passwords on the appliance, each existing user is prompted for a password change upon their next login if the existing password is not a strong password.