Configure Secure Passwords Mode
Passwords that are complex and long in length provide security. To to enable the secure passwords mode:
|
1.
|
Select Settings > Global Settings > Security. The Security page displays. Secure Cryptography and Secure Passwords are disabled by default. |
|
3.
|
On the Edit Security Settings page, select Secure Passwords. |
|
4.
|
In the Min Password Length field, specify the minimum password length from 8 to 30 characters. |
For Common Criteria certification, the password length should be at least 15 characters.
The system displays the following notification:
Security settings updated successfully. Please reboot the device for the settings to take effect.
|
a.
|
Select Settings > Reboot and Upgrade. |
When you create a password from the User Setup page, the password must contain at least one character of each of the following:
|
■
|
special characters, for example, !, @, #, $, %, ^, &, or * |
The minimum number of characters allowed is determined by the Secure Passwords setting if it is enabled.
For example, use the following steps to create and set the password for a user named myuserid user:
|
1.
|
Select Roles and Users > Users. |
|
2.
|
On the User Setup page, click Add. The Add New User page appears. |
|
3.
|
Enter the account details for the user. If the password does not adhere to the rules, a message is displayed. |
|
4.
|
After competing the account details, click Save. |
Manage Blank Passwords
Starting in software version 5.1, you can manage user accounts with blank passwords. By default, login with a blank password is allowed. However, you can also disallow login with a blank password to enhance security on the node.
The upgrade to software version 5.1 will go smoothly and all user accounts with blank passwords will remain intact and active. Disallowing login with a blank password will disable all user accounts with blank passwords. An admin user must take explicit action to re-enable those accounts.
An admin user will be able to re-allow login with blank passwords. However, this action will not automatically enable those user accounts that were previously disabled when login with a blank password was disallowed.
H-VUE options and error messages have been added to manage blank passwords. They are for local authentication only.
Refer to the following sections for details on managing blank passwords:
Disallow Login with a Blank Password
When upgrading from a software version prior to 5.1, by default, login with a blank password is allowed. However, there are new CLI command options to disallow login with a blank password. This enhances security on the node.
When logging in is not allowed without a password, a user will not be able to login if their user account does not have a password configured. When the user logs in, they will be prompted for a password as if one has been configured, but login attempts will fail.
To manually disallow logging into a system with a blank password:
|
1.
|
Go to Settings > Global Settings > Security. The Allow Blank Passwords field should be Disabled. |
|
2.
|
If it is enabled, click Edit and uncheck the Allow Blank Passwords check box. |
The following messages can be displayed when logging in is not allowed without a password:
|
■
|
a warning message if there are any user accounts in the system with a blank password |
|
■
|
an error message if the admin user account has a blank password |
|
■
|
an error message if the currently logged in user has a blank password |
|
■
|
an error message if there is an attempt to configure a blank password for a user |
Allow Login with a Blank Password
An admin user can configure a setting to allow logging into a system without a password. Keep in mind that this is less secure.
When logging in is allowed without a password, a user will be able to login if their user account does not have a password configured, in other words, if their password is blank.
To allow logging into a system with a blank password:
|
1.
|
Go to Settings > Global Settings > Security. |
|
2.
|
Click Edit. Select the Allow Blank Passwords check box. |