Password Specifications and Guidelines for Junos OS in FIPS Mode

The Security Administrator needs to ensure that all user passwords conform to Junos OS in FIPS mode requirements in Table 1. Attempts to configure passwords that do not conform to these specifications result in an error.

Table 1: Password Specifications and Guidelines
Requirements: Details

Length: Passwords must contain at least 10 characters.

Character set: Passwords must contain at least three of the following five character sets:

  • Uppercase letters

  • Lowercase letters

  • Digits

  • Punctuation marks

  • Keyboard characters that are not included in the other four sets. These characters are the percent sign (%) and the ampersand (&).

    Note: Avoid control characters in passwords.

Authentication: All passwords and keys used to authenticate peers must contain at least 10 characters. In some cases, the number of characters must match the digest size.

Password encryption: To change the default encryption method (SHA512), include the format statement at the [edit system login password] hierarchy level.

Table 2 summarizes the guidelines for strong passwords and the characteristics of weak passwords.

Table 2: Guidelines for Strong Passwords and Characteristics of Weak Passwords
Guidelines for Strong Passwords:

  • You can create strong and reusable passwords by using letters from a favourite phrase or word and concatenating these letters with unrelated words, digits, and punctuation marks.

  • Strong passwords are made up of alphanumeric characters and punctuation. For FIPS compliance, include at least one change of case, one or more digits, and one or more punctuation marks in the password.

  • Strong passwords are easy to remember so that you are not tempted to write them down.

  • You must change the passwords periodically.

  • You must not disclose the passwords to anyone.

Characteristics of Weak Passwords:

Weak passwords typically exhibit several key characteristics that make the password easy to guess or crack, thereby compromising the security of an account or system. Avoid using weak passwords such as the following:

  • Words that might be found in or exist as a permuted form in a system file such as /etc/passwd.

  • The hostname of the system (always a first guess).

  • Any word or phrase that appears in a dictionary or a well-known source, including dictionaries and thesauruses in languages other than English; works by classical or popular writers; or common words and phrases from sports, sayings, movies, or television shows.

  • Permutations of any of the words or phrases mentioned above. For example, a dictionary word with letters replaced with digits (r00t) or with digits added at the end of the word.

  • Any machine-generated password. Algorithms reduce the search space of password-guessing programs, and you must not use machine-generated passwords.
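
The Table 1 requirements and the Table 2 weak-password patterns can be checked before a password is ever entered on the device. The following Python is an added example, not Juniper code and not how Junos OS itself validates passwords. The hostname, the word list, and the split between punctuation and the fifth character set are assumptions made for illustration.

```python
import string

# The five character sets of Table 1. Treating "%" and "&" as the fifth set
# follows this page's wording; the punctuation split is an assumption.
CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digits": set(string.digits),
    "punctuation": set(string.punctuation) - set("%&"),
    "other": set("%&"),
}
# Digit-for-letter swaps to undo (0->o, 1->l, 3->e, 4->a, 5->s, 7->t).
UNSWAP = str.maketrans("013457", "oleast")


def character_sets(password):
    """Return the names of the Table 1 character sets used in the password."""
    return {name for name, chars in CLASSES.items() if chars & set(password)}


def check(password, hostname, wordlist):
    """Return a list of findings; an empty list means no rule here was hit."""
    findings = []
    if len(password) < 10:
        findings.append("shorter than 10 characters")
    if len(character_sets(password)) < 3:
        findings.append("fewer than three of the five character sets")
    if any(ord(c) < 32 or ord(c) == 127 for c in password):
        findings.append("contains a control character")
    low = password.lower()
    if hostname and hostname.lower() in low:
        findings.append("contains the hostname")
    # Table 2 permutations: digits swapped for letters, digits appended.
    candidates = {low.translate(UNSWAP),
                  low.rstrip(string.digits).translate(UNSWAP)}
    if candidates & set(wordlist):
        findings.append("permutation of a dictionary word")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    words = {"root", "administrator", "password"}
    for pw in ["r00t", "Administrat0r1", "Edge-FW01!x2", "tuB4-mole&Rain7"]:
        print(repr(pw), check(pw, "edge-fw01", words) or "no findings")
```

The second sample meets the length and character-set rules of Table 1 yet is still flagged, which is why the Table 2 guidance has to be checked separately from the configured minimums.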