Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AnyConnect PIN Complexity Requirements

Is there a way to set complexity instead of simply minimum and maximum number of characters?

We would like to prevent people from creating and using PINS like abcd or 1234 or 0000.  

Even if we had a 12 character requirement, many people would use 111111111111 as their PINs and we would like to stop this.

  • VPN
4 REPLIES

Hi,You need to define the

Hi,

You need to define the password/pin policies and restrictions in your authentication server... for anyconnect user authentication... if you are using local database then you do not have much options....

 

Regards

Karthik

New Member

I'm mostly looking for just

I'm mostly looking for just prevent sequential PINs and PINs consisting only of a repeating number like the examples I used like 1234 as a PIN.

Is there an option that would let the user use 2983 as a PIN, but not 0000 or 1234?

 

Hi, Such things you can do

Hi,

 

Such things you can do with your authentication server... there you define the rules and regulations for password string..... but not on the local database of the ASA.... I guess it can be done on the external radius server... if we make some customized attributes set on it.....

 

Regards

Karthik

Hi,

Hi,

 

Additionally if you use local-database then you can do this much with limited options.

 

Managing User Passwords

The ASA enables administrators with the necessary privileges to modify password policy for users in the current context.

User passwords have the following guidelines:

A maximum lifetime of 0 to 65536 days.

A minimum length of 3 to 64 characters.

A minimum number of changed characters for updates of 0 to 64 characters.

They may include lower case characters.

They may include upper case characters.

They may include numbers.

They may include special characters.

To specify password policy for users, perform the following steps:

 

 
 
Command
Purpose

Step 1 

password-policy lifetime value
Example:

hostname (config)# password-policy lifetime 1000

Sets the password policy for the current context and the interval in days after which passwords expire. Valid values are between 0 and 65536 days. The default value is 0 days.

Step 2 

password-policy minimum-changes value
Example:

hostname(config)# password-policy minimum-changes 4

Sets the minimum number of characters that must be changed between new and old passwords. Valid values are between 0 and 64 characters. The default value is 0.

New passwords must include a minimum of 4 character changes from the current password and are considered changed only if they do not appear anywhere in the current password.

Step 3 

password-policy minimum-length value
Example:

hostname(config)# password-policy minimum-length 8

Sets the minimum length of passwords. Valid values are between 3 and 64 characters. The recommended minimum password length is 8 characters.

If the minimum length is less than the value of any of the other minimum values (lowercase, numeric, special, and uppercase), an error message appears and the minimum length is not changed.

Step 4 

password-policy minimum-lowercase value
Example:

hostname(config)# password-policy minimum-lowercase 6

Sets the minimum number of lower case characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.

Step 5 

password-policy minimum-numeric value
Example:

hostname(config)# password-policy minimum-numeric 1

Sets the minimum number of numeric characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.

Step 6 

password-policy minimum-special value
Example:

hostname(config)# password-policy minimum-special 2

Sets the minimum number of special characters that passwords may have. Valid values are between 0 and 64 characters. Special characters include the following: !, @, #, $, %, ^, &, *, '(` and `)'. The default value is 0, which means there is no minimum.

Step 7 

password-policy minimum-uppercase value
Example:

hostname(config)# password-policy minimum-uppercase 3

Sets the minimum number of upper case characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.

Step 8 

password-policy authenticate enable
Example:
hostname(config)# password-policy authenticate 
enable

(Optional) Determines whether or not users are allowed to modify their own user account.

If authentication is enabled, users cannot change their own password or delete their own account with the username command or with the clear configure username command.

 

 

Regards

Karthik

278
Views
0
Helpful
4
Replies
This widget could not be displayed.