HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 149

Password control configuration task list


Depending on the system security requirements, you can set the minimum number of categories a
password must contain and the minimum number of characters of each category.
There are four password combination levels: 1, 2, 3, and 4, each representing the number of
categories that a password must at least contain. Level 1 means that a password must contain
characters of one category, level 2 at least two categories, and so on.
When a user sets or changes the password, the system checks if the password satisfies the
composition requirement. If not, the system displays an error message.
• Password complexity checking
  A less complicated password such as a password containing the username or repeated characters
  is more likely to be cracked. For higher security, you can configure a password complexity
  checking policy to make sure that all user passwords are relatively complicated. With such a
  policy configured, when a user configures a password, the system checks the complexity of the
  password. If the password is not qualified, the system refuses the password and displays a
  password configuration failure message.
  You can impose the following password complexity requirements:
    ○ A password cannot contain the username or the reverse of the username. For example, if the
      username is abc, a password such as abc982 or 2cba is unqualified.
    ○ No character of the password is repeated three or more times consecutively. For example,
      password a111 is not qualified.
• Password display in the form of a string of asterisks (*)
  For the sake of security, the password a user enters is displayed in the form of a string of
  asterisks (*).
• Authentication timeout management
  The authentication period is from when the server obtains the username to when the server finishes
  authenticating the user's password. If a Telnet user fails to log in within the configured period of
  time, the system tears down the connection.
• Maximum account idle time
  You can set the maximum account idle time so that accounts that stay idle for this period of time
  become invalid and unable to log in again. For example, if you set the maximum account idle time
  to 60 days and a user using the account test has never logged in successfully within 60 days after
  the last successful login, the account becomes invalid.
• Logging
  The system logs all successful password changing events and the events of adding users to the
  password control blacklist.
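The composition and complexity checks described above can be reproduced offline to pre-screen passwords before they are provisioned on a device. The following is an added example, not code from the manual or the switch firmware. It assumes four character categories (uppercase, lowercase, digits, special characters), treats a category as satisfied only when it supplies the configured minimum number of characters, and compares usernames case-sensitively; the function names are hypothetical.

```python
import re
import string

# Assumed character categories; this page does not list them.
CATEGORIES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def check_password(username, password, level=1, min_per_category=1):
    """Return the list of violated rules; an empty list means the password qualifies."""
    if not 1 <= level <= 4:
        raise ValueError("combination level must be 1, 2, 3 or 4")
    problems = []

    # Composition: count the characters of each category, then count how many
    # categories reach the per-category minimum (assumed interpretation).
    counts = {name: sum(ch in chars for ch in password)
              for name, chars in CATEGORIES.items()}
    satisfied = [name for name, n in counts.items() if n >= min_per_category]
    if len(satisfied) < level:
        problems.append("composition")

    # Complexity: the username and its reverse must not appear in the password.
    if username and (username in password or username[::-1] in password):
        problems.append("contains-username")

    # Complexity: no character repeated three or more times consecutively.
    if re.search(r"(.)\1\1", password, flags=re.DOTALL):
        problems.append("repeated-character")

    return problems


def audit(candidates, level=2, min_per_category=1):
    """Check (username, password) pairs and map each pair to its violations."""
    return {pair: check_password(pair[0], pair[1], level, min_per_category)
            for pair in candidates}


# Constructed sample input: the manual's own examples plus one compliant password.
SAMPLES = [("abc", "abc982"), ("abc", "2cba"), ("test", "a111"), ("test", "Kx7#mQ2!")]

if __name__ == "__main__":
    for (user, _), problems in audit(SAMPLES).items():
        print(user, "qualified" if not problems else "rejected: " + ", ".join(problems))
```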
Password control configuration task list
The password control functions can be configured in several views, and different views support different
functions. The settings configured in different views or for different objects have different application
ranges and different priorities:
• Global settings in system view apply to all local user passwords and super passwords.
• Settings in user group view apply to the passwords of all local users in the user group.
• Settings in local user view apply to only the password of the local user.
• Settings for super passwords apply to only super passwords.
The above four types of settings have different priorities: