Local password complexity

Device administrators can specify password complexity policies that can be used to ensure that management user passwords cannot be easily guessed or brute-forced to gain access to devices.

Configurable complexity requirements include:

• Minimum password length

• Password composition (lowercase, uppercase, numbers, symbols)

• Checking for repeat characters, repeating password, or username as part of password

• Password aging and history

The following example defines a password complexity policy that prohibits more than three repeated characters in a password, repeating password strings, or entering the username (forward or reverse) as part of the password:

switch(config)# password complexity all

To require a minimum password length of 12 characters:

switch(config)# password minimum-length 12

To create a composition policy requiring three each of lowercase and uppercase letters, three numbers, and three symbols:

switch(config)# password composition lowercase 3
switch(config)# password composition uppercase 3
switch(config)# password composition number 3
switch(config)# password composition specialcharacter 3

And, lastly, enable password aging and history checking, using the default settings of 90 days and eight passwords retained, respectively:

switch(config)# password configuration aging
switch(config)# password configuration history

For more details, refer to the chapter titled “Password Complexity” in the ArubaOS-Switch Access Security Guide.