18 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Local user accounts
• Users are locked out (disabled) if they fail to log in after three attempts. This feature is
automatically enabled. Use the disable-on-login-failure command to change the number of
login attempts (up to 10) before users are locked out.
The following rules are disabled by default:
• Enhanced user password combination requirements
• User password masking
• Quarterly updates of user passwords
• You can configure the system to store up to 15 previously configured passwords for each user.
• You can use the disable-on-login-failure command to change the number of login attempts (up
to 10) before users are locked out.
• A password can now be set to expire.
Enabling enhanced user password combination requirements
When strict password enforcement is enabled on the Brocade device, every enable password and
user password you create must be at least eight characters long and must contain the following
combinations:
• At least two upper case characters
• At least two lower case characters
• At least two numeric characters
• At least two special characters
NOTE
Password minimum and combination requirements are strictly enforced.
Use the enable strict-password-enforcement command to enable the password security feature.
Brocade(config)# enable strict-password-enforcement
Syntax: [no] enable strict-password-enforcement
This feature is disabled by default.
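The composition rules above, together with the four-character reuse rule described in the list that follows, can be checked offline before a password is submitted to the device. The Python below is an added example, not Brocade code: the function names are hypothetical, and treating every character that is not an ASCII letter or digit as "special" is an assumption about how the device classifies characters.

```python
import string

MIN_LENGTH = 8       # minimum length stated in the guide
MIN_PER_CLASS = 2    # two each of upper, lower, numeric, special
REUSE_WINDOW = 4     # shared run length that triggers rejection

def class_counts(password):
    """Count characters in each of the four classes the guide names."""
    counts = {"upper": 0, "lower": 0, "numeric": 0, "special": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["numeric"] += 1
        else:
            counts["special"] += 1   # assumption: anything else is "special"
    return counts

def shared_substring(candidate, previous, window=REUSE_WINDOW):
    """Return the first run of `window` characters found in both, else None."""
    seen = {previous[i:i + window] for i in range(len(previous) - window + 1)}
    for i in range(len(candidate) - window + 1):
        if candidate[i:i + window] in seen:
            return candidate[i:i + window]
    return None

def check_password(candidate, previous_passwords=()):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, count in class_counts(candidate).items():
        if count < MIN_PER_CLASS:
            problems.append(f"fewer than {MIN_PER_CLASS} {name} characters")
    for old in previous_passwords:
        hit = shared_substring(candidate, old)
        if hit is not None:
            problems.append(f"substring {hit!r} has been used earlier")
    return problems

if __name__ == "__main__":
    history = ["Ma!i4aYa&"]   # previous password from the guide's example
    # The last candidate is constructed for this example and passes every rule.
    for pw in ["Ma!imai$D", "&3B9aYa&", "i4aYEv#8", "Qx7#Lp2$wz"]:
        print(pw, check_password(pw, history) or "OK")
```

Run against the guide's sample strings, the check also shows that Ma!imai$D has no numeric characters and i4aYEv#8 has only one special character, so both fail the composition rules as well as the reuse rule.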
The following security upgrades apply to the enable strict-password-enforcement command:
• Passwords must not share four or more consecutive characters with any other password
configured on the router. If the user tries to create a password that shares four or more
consecutive characters with another password, the following error message is returned.
Error - The substring <str> within the password has been used earlier, please
choose a different password.
For example, if the previous password was Ma!i4aYa&, the user cannot use any of the following
as his or her new password:
- Ma!imai$D because “Ma!i” was used consecutively in the previous password
- &3B9aYa& because “aYa&” was used consecutively in the previous password
- i4aYEv#8 because “i4aY” was used consecutively in the previous password
• If the user tries to configure a password that was previously used, the Local User Account
configuration will not be allowed and the following message will be displayed.