Plain-Text Passwords
Change the Requirements for Plain-Text Passwords
To change the requirements for plain-text passwords, include the
password statement at the [edit system login]
hierarchy level:
[edit system login] password { change-type (set-transitions | character-set); format (sha1 | sha256 | sha512); maximum-length length; maximum-lifetime days minimum-changes number; minimum-character-changes number minimum-length length; minimum-lifetime days minimum-lower-cases number; minimum-numerics number; minimum-reuse number minimum-punctuations number; minimum-upper-cases number; }
These statements apply to plain-text passwords only, not encrypted passwords.
How to Change the Requirements for Plain-Text Passwords
This example shows how to set various maximum and minimum requirements for plain-text passwords to increase password strength.
Overview
You can use a variety of requirements to strengthen plain-text passwords for greater
security. Many possible configurations exist at the [edit system login
password] hierarchy level that allow you to require users to create
plain-text passwords conforming to a particular set of requirements. These
requirements may include such things as password length, number of changes, type of
characters, numbers, or letter case.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a
text file, remove any line breaks, change any details necessary to match your
network configuration, and then copy and paste the commands into the CLI at the
[edit] hierarchy level.
set system login password minimum-length 12 set system login password maximum-length 22 set system login password minimum-numerics 1 set system login password minimum-upper-cases 1 set system login password minimum-lower-cases 1 set system login password minimum-punctuations 1
Configure the Requirements for Plain-Text Passwords
Step-by-Step Procedure
This example configures password requirements that require the user to create a password with at least 12 characters but no more than 22 characters. The password requirements also specify at least one lowercase letter and one uppercase letter, at least one punctuation character, and at least one numeric character.
-
Enter configuration mode and navigate to the
[edit system login password]hierarchy level.user@host> configure [edit] user@host# edit system login password
-
Set a minimum length requirement of 12 characters and a maximum length requirement of 22 characters for user passwords.
[edit system login password] user@host# set minimum-length 12 [edit system login password] user@host# set maximum-length 22
-
Require users to set a password that has at least one lowercase letter and at least one uppercase letter.
[edit system login password] user@host# set minimum-lower-cases 1 [edit system login password] user@host# set minimum-upper-cases 1
-
Require users to set a password that has at least one punctuation character and at least one numeric character.
[edit system login password] user@host# set minimum-punctuations 1 [edit system login password] user@host# set minimum-numerics 1
Results
In configuration mode, confirm your configuration by entering the
show command at the [edit system login
password] hierarchy level..
[edit system login password] user@host# show minimum-length 12; maximum-length 22; minimum-numerics 1; minimum-upper-cases 1; minimum-lower-cases 1; minimum-punctuations 1;
If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
After you have confirmed that the configuration is correct, enter
commit in configuration mode.