Jose

In the implementation of IOS there is a password to get to user mode and an enable password to get to privilege mode (sometimes called enable mode). By default both of these passwords are entered in clear text and are stored in the config in clear text. Cisco provides the ability to encrypt these passwords using the service password-encryption.

However the encryption used is a fairly weak one and there are multiple sources for software that will break the encryption and recover the clear text password. So Cisco provided the ability to protect the password to privilege mode with strong encryption by configuring enable secret. So enable secret is designed to never be in the clear and to be protected by a strong encryption.

I am not sure that I understand the second part of your question. I am not sure whether you are asking about the ability to login (to user mode) without a username and only use a password or whether you are talking about login and get directly to privilege mode.

It is easy to login with a password (and no username) and go into user mode. This is the default behavior of IOS. If you configure a password on the vty lines (and configure login on the vty lines) then when you telnet to the router you will be prompted for a password and it will log you in without a user name.

If you want to login and go directly to privilege mode (without using AAA) you would want to configure login local under the vty lines which will prompt for a user name and a password. You need to configure at least one user name and password before you configure login local or you may lock yourself out of the router. In configuring the user name there is an optional parameter "privilege" and if you configure a user name with privilege 15 then that user will go directly into privilege mode. There is also a way to do this with AAA authorization but that is more complicated and can be discussed later.

HTH

Rick