07-07-2022 01:28 PM - edited 07-07-2022 01:29 PM
Heads up CBS250 & CBS350 users, the upcoming firmware update version 3.2 will contain updates to the password requirements. An article will be linked once published. Below is a snippet from that article highlighting the mandatory changes.
These will apply to all new user accounts and any password changes made to existing user accounts.
New Rules cannot be disabled.
It will verify that the password is not from a list of known common passwords. This common password list was compiled by choosing the 10,000 most used passwords from a list of the 10,000,000 most common passwords. This list can be found on the github link.
No variations of the common passwords using upper/lower case or using the following character substitutions:
"$" for "s", "@" for "a", "0" for "o", "1" for "l", "!" for "i", "3" for "e"
It will block passwords that include more than two sequential characters in a row (again looking for common substitutions and case). For example, if a password contains abc, it will be blocked as it has three sequential letters. So would @bc since there is the common substitution of the @ symbol for a. Similarly, cba will be blocked as it is sequential in reverse order. Other examples include “efg123!$”, “abcd765%”, “kji!$378”, "qr$58!230".
New password must not contain the username. For example, no “Admin548” for user admin.
New password must not contain the manufacturer name. For example, no C!sc0IsCool.
New password must not contain the product name. For example, no CBSCo0l$witch.
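The rules announced above can be approximated in a short checker for pre-screening candidate passwords before upgrading. This is an added example, not part of the original post and not Cisco's firmware code; the three-entry common-password set, the `cisco` and `cbs` tokens, and all function names are assumptions based on the post's examples.

```python
# Added illustration: approximates the rules described in the post above.
# It is not the CBS250/CBS350 firmware logic.

# Substitutions listed in the post: "$"->s, "@"->a, "0"->o, "1"->l, "!"->i, "3"->e
SUBS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "!": "i", "3": "e"})

# Constructed stand-in for the 10,000-entry common-password list.
COMMON = {"password", "letmein", "qwerty"}

# Assumed tokens, taken from the post's examples (C!sc0IsCool, CBSCo0l$witch).
MANUFACTURER = "cisco"
PRODUCT = "cbs"


def normalize(text):
    """Fold case, then undo the common character substitutions."""
    return text.lower().translate(SUBS)


def has_sequence(text, limit=2):
    """True if more than `limit` letters or digits run in ascending or descending order."""
    run, direction = 1, 0
    for prev, cur in zip(text, text[1:]):
        step = ord(cur) - ord(prev)
        both_alnum = (prev + cur).isascii() and (prev + cur).isalnum()
        if step in (1, -1) and both_alnum:
            run = run + 1 if step == direction else 2
            direction = step
        else:
            run, direction = 1, 0
        if run > limit:
            return True
    return False


def check_password(password, username):
    """Return the list of rule names the candidate password violates."""
    raw, norm = password.lower(), normalize(password)
    reasons = []
    if norm in COMMON or raw in COMMON:
        reasons.append("common")
    # Check both forms: "123" is only sequential raw, "qr$" only after substitution.
    if has_sequence(raw) or has_sequence(norm):
        reasons.append("sequential")
    for name, token in (("username", username), ("manufacturer", MANUFACTURER), ("product", PRODUCT)):
        if token and (token.lower() in raw or normalize(token) in norm):
            reasons.append(name)
    return reasons
```

An empty list means the candidate passed every rule modelled here; the real firmware may apply the rules differently.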
03-10-2023 12:04 PM
Cisco's arrogance never ceases to amaze me. You prevent device owners from using passphrases because some clueless programmer who thinks they know security thinks that doubled letters are a security risk yet "Now is the time for all good men" is a MUCH MUCH MUCH stronger password than something that has to be written down to be remembered. This is OUR hardware. Why don't you guys focus on fixing actual problems rather than fixing ones that don't exist?
03-10-2023 12:39 PM
Hello Terabyte,
Thank you for sharing your point of view. Password standards are something I agree we need to do better. Especially unifying the same standard across devices. There is agreement among our team that password standards need attention and we'll continue to represent this view in our conversations with our counterparts.
Thanks again,
Corey