Changing the Format of Plain-Text Passwords
Problem
You want to require the passwords for user accounts to be longer than six characters and to have more than one case change.
Solution
Set all plain-text passwords to be from 8 to 20 characters long and to contain at least two case changes:
[edit system login] aviva@router1# set password maximum-length 20 aviva@router1# set password minimum-length 8 aviva@router1# set password minimum-changes 2
Discussion
By default, plain-text passwords must be at least six characters long and must contain one change from either letters to numbers (or vice versa) or from lowercase to uppercase (or vice versa). You can harden the router's security even more by increasing the minimum password length and the minimum number of case and letter-to-number changes.
The commands in this recipe require that all plain-text passwords be from 8 to 20 characters long and contain at least 2 case changes. The changes take effect when you next configure a plain-text password for a user:
[edit system login] aviva@router1# set user sage authentication plain-text-password New password:T91912 error: minimum password length is 8 error: require 2 changes of case, digits or punctuation
This password is not acceptable because it is shorter than eight characters and has only one change from a letter to a number. An example of a valid password with these conditions is $1991poppI.
When you change the requirements for plain-text passwords, the new parameters affect only newly created passwords, so already existing passwords may not be as secure as your new password policy.
See Also
Recipe 2.5