Professional Documents
Culture Documents
JOB AID
Enforcing a Secure
Password Policy on the
BIG-IP System
DIGITAL EDUCATION SERIES
JOB AID
TABLE OF CONTENTS
DIGITAL 2
EDUCATION
SERIES
BIG-IP ADMINISTRATOR TRAINING
BIG-IP FUNDAMENTALS CURRICULUM
The following table summarizes the various secure password policy options available. The system only enforces
these options when Secure Password Enforcement (policy-enforcement in TMSH) is enabled:
DIGITAL 3
EDUCATION
SERIES
BIG-IP ADMINISTRATOR TRAINING
BIG-IP FUNDAMENTALS CURRICULUM
DIGITAL 4
EDUCATION
SERIES
BIG-IP ADMINISTRATOR TRAINING
BIG-IP FUNDAMENTALS CURRICULUM
Requirements: You must be an Administrator to enable and configure a secure password policy.
1. On the BIG-IP system, navigate to System » Users : Authentication, and set Secure Password
Enforcement to Enabled...
2. In the Password Policy section, change the password restriction settings as desired. In the screenshot below,
the following restrictions are set:
a. Minimum password length is 12
b. Passwords must contain at least 2 numbers, 2 uppercase characters, 2 lowercase characters, and 1
special character.
c. No password reuse for up to 4 previous passwords
d. Users must change their passwords every 90 days
e. Users are locked out if they enter an invalid password 3 times
3. Click the Update button to save the configuration and begin enforcing the secure password policy.
DIGITAL 5
EDUCATION
SERIES
BIG-IP ADMINISTRATOR TRAINING
BIG-IP FUNDAMENTALS CURRICULUM
Requirements: You must be an Administrator to enable and configure a secure password policy. Any role can list
the current secure password policy's settings.
In the example below, the following restrictions are set, and the configuration saved:
• Minimum password length is 12
• Passwords must contain at least 2 numbers, 2 uppercase characters, 2 lowercase characters, and 1 special
character.
• No password reuse for up to 4 previous passwords
• Users must change their passwords every 90 days
• Users are locked out if they enter an invalid password 3 times
• All other settings are left at their defaults
DIGITAL 6
EDUCATION
SERIES