Password Policy on Cisco Asa

sv7 · ‎12-01-2021

Hi All,

Need to configure below password policy on my live Cisco Asa. Need to know will i lose the accessibility of my device anyhow after configuring the password policy. Also what are the precaution i should take before executing the command

• Step 1: Run the following to set the password lifetime in days to less than or equal to
180

• hostname(config)#password-policy lifetime 30
• Step 2: Run the following to set the minimum number of characters that must be
changed between the old and the new passwords, to be to be greater than or equal
to 14.
• hostname(config)#password-policy minimum-changes 14
• Step 3: Run the following to set the minimum number of upper case characters in
the password, to be to be greater than or equal to 1
• hostname(config)#password-policy minimum-uppercase 1
• Step 4: Run the following to set the minimum number of lower case characters in
the password, to be to be greater than or equal to 1
• hostname(config)#password-policy minimum-lowercase 1
• Step 5: Run the following to set the minimum number of numeric characters in the
password, to be greater than or equal to 1
• hostname(config)#password-policy minimum-numeric 1
• Step 6: Run the following to set the minimum number of special characters in the
password, to be greater than or equal to 1
• hostname(config)#password-policy minimum-special 1
• Step 7: Run the following to set the password minimum length, to be greater than or
equal to 14
• hostname(config)#password-policy minimum-length 14

Karsten Iwen · ‎12-01-2021

My precaution for any system where I enforce a password-policy is to make sure that at last my own password matches the new policy before applying the policy.

And for increased security I would better use a central authentication server via TACACS+ or RADIUS and control the passwords there. In that case you only need a fallback password on the local device that can be *really* complex.