08-03-2012 06:35 AM - edited 03-07-2019 08:08 AM
Cisco sent a letter addressing the lack of ability in enforcing a minimum password length on IOS devices and ASAs. In the letter, Cisco states that "With the shipping versions of Cisco IOS as of the current date, the native capabilities allow for encrypting the password as well as specifying a minimum length."
In regards to specifying a minimum length, I believe Cisco is referring to Autosecure for routers. But I don't know of any way to set a minimum password length on switches, even though Cisco states that it is natively support by IOS. I also know of no way to do this with ASAs. I know we can enforce several policies with TACACS, but we're looking for device IOS capabilities.
I'd also like to know what is meant by a "shipping version" of IOS. I'd always thought that a device came with a base IOS with a base license.
Thanks for the time and help.
Solved! Go to Solution.
08-03-2012 07:17 AM
With "shipping version" the newest available versions are ment. If you don't use them, some of these fancy new features can't be used.
For the ASA:
asa(config)# password-policy ?
configure mode commands/options:
authenticate-enable Enable the user authentication feature
lifetime Set password lifetime
minimum-changes Set minimum character changes between old and new
password
minimum-length Set minimum password length
minimum-lowercase Set minimum number of lowercase password characters
minimum-numeric Set minimum number of numeric password characters
minimum-special Set minimum number of special password characters
minimum-uppercase Set minimum number of uppercase password characters
IOS-Router:
router(config)#security passwords min-length ?
<0-16> Minimum length of all user/enable passwords
For the Catalyst I'm not aware of a corresponding setting. But the best option is to let the TACACS-server control these settings.
08-03-2012 07:20 AM
you can set password min-length by using the following command;
security passwords min-length
Full details of the command can be found here;
http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_s1gt.html#wp1204059
Please rate post if helpful
08-03-2012 07:17 AM
With "shipping version" the newest available versions are ment. If you don't use them, some of these fancy new features can't be used.
For the ASA:
asa(config)# password-policy ?
configure mode commands/options:
authenticate-enable Enable the user authentication feature
lifetime Set password lifetime
minimum-changes Set minimum character changes between old and new
password
minimum-length Set minimum password length
minimum-lowercase Set minimum number of lowercase password characters
minimum-numeric Set minimum number of numeric password characters
minimum-special Set minimum number of special password characters
minimum-uppercase Set minimum number of uppercase password characters
IOS-Router:
router(config)#security passwords min-length ?
<0-16> Minimum length of all user/enable passwords
For the Catalyst I'm not aware of a corresponding setting. But the best option is to let the TACACS-server control these settings.
08-03-2012 10:45 AM
Thanks karsten for your time and knowledge. This is exactly what I was looking for.
08-03-2012 07:20 AM
you can set password min-length by using the following command;
security passwords min-length
Full details of the command can be found here;
http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_s1gt.html#wp1204059
Please rate post if helpful
09-24-2021 08:07 AM
I have a Cisco 9200L switch running IOS XE version 16.12.4 and the command for setting the minimum password length is not present.
NBS-BT-ICT-C9200L(config)#security ?
% Unrecognized command
How can set the password length?
09-25-2021 12:28 AM
Hello,
I checked all command references up to the latest Bengaluru (17.6.x) release, there is no command to set the minimum password length, unfortunately...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide