Brocade Communications Systems Brocade ICX 6650 6650 User Manual

18

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Local user accounts

•

Users are locked out (disabled) if they fail to login after three attempts. This feature is
automatically enabled. Use the disable-on-login-failure command to change the number of
login attempts (up to 10) before users are locked out.

The following rules are disabled by default:

•

Enhanced user password combination requirements

•

User password masking

•

Quarterly updates of user passwords

•

You can configure the system to store up to 15 previously configured passwords for each user.

•

You can use the disable-on-login-failure command to change the number of login attempts (up
to 10) before users are locked out.

•

A password can now be set to expire.

Enabling enhanced user password combination requirements

When strict password enforcement is enabled on the Brocade device, you must enter a minimum of
eight characters containing the following combinations when you create an enable and a user
password:

•

At least two upper case characters

•

At least two lower case characters

•

At least two numeric characters

•

At least two special characters

NOTE

Password minimum and combination requirements are strictly enforced.

Use the enable strict-password-enforcement command to enable the password security feature.

Brocade(config)# enable strict-password-enforcement

Syntax: [no] enable strict-password-enforcement

This feature is disabled by default.

The following security upgrades apply to the enable strict-password-enforcement command:

•

Passwords must not share four or more concurrent characters with any other password
configured on the router. If the user tries to create a password with four or more concurrent
characters, the following error message will be returned.

Error - The substring <str> within the password has been used earlier, please
choose a different password.

For example, the previous password was Ma!i4aYa&, the user cannot use any of the following
as his or her new password:

-

Ma!imai$D because “Mail” were used consecutively in the previous password

-

&3B9aYa& because “aYa&” were used consecutively in the previous password

-

i4aYEv#8 because “i4aY“were used consecutively in the previous password

•

If the user tries to configure a password that was previously used, the Local User Account
configuration will not be allowed and the following message will be displayed.