user-security-policy enable

Function

The user-security-policy enable command configures a user security policy.

The undo user-security-policy enable command cancels the configuration.

By default, a user security policy is configured.

Format

user-security-policy enable

undo user-security-policy enable

Parameters

None

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name    Operations
aaa          write

Usage Guidelines

Usage Scenario

To prevent account theft caused by simple passwords, run the user-security-policy enable command to configure a user security policy.

Prerequisites

A level-3 or higher-level local user has logged in to the device.

Configuration Impact

After the user-security-policy enable command is run, the user name and password in the AAA view or local AAA server view must comply with the following rules:

  • A local user name must be longer than five characters.
  • For passwords
    • A password must contain at least eight characters.
    • A password must consist of digits, upper- and lower-case letters, and special characters. Spaces and question marks are not allowed, except that spaces are allowed when the password is enclosed in quotation marks (").
    • A password cannot contain the user name or the reverse of the user name.
    • A password cannot be the same as any of the most recent passwords including the current password.
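
The following pre-check applies the rules above to a candidate user name and password before an account is provisioned. It is an added example, not Huawei code. Assumptions: all four character classes are required, special characters are ASCII punctuation, the user-name comparison ignores case, and the caller supplies the password history (the function names are hypothetical).

```python
import string

# Assumption: "special characters" means printable ASCII punctuation.
SPECIALS = set(string.punctuation) - {"?"}


def check_user_name(name):
    """Rule: a local user name must be longer than five characters."""
    return [] if len(name) > 5 else ["user name must be longer than five characters"]


def check_password(name, password, recent=(), quoted=False):
    """Return a list of rule violations; an empty list means compliant.

    recent: most recent passwords including the current one, as plaintext
            here (the page gives no history depth, so the caller decides).
    quoted: True when the password is entered inside quotation marks,
            which is the only case in which spaces are allowed.
    """
    problems = []
    if len(password) < 8:
        problems.append("password must contain at least eight characters")
    if "?" in password:
        problems.append("question marks are not allowed")
    if " " in password and not quoted:
        problems.append("spaces are allowed only in a quoted password")
    # Assumption: all four character classes are required.
    classes = {
        "digit": any(c.isdigit() for c in password),
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    problems += [f"missing {k}" for k, ok in classes.items() if not ok]
    # Assumption: the user-name comparison ignores case.
    low, uname = password.lower(), name.lower()
    if uname and (uname in low or uname[::-1] in low):
        problems.append("password contains the user name or its reverse")
    if password in recent:
        problems.append("password matches a recent password")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts, not taken from any device.
    for n, p in [("netadmin", "Nimdaten#2024"), ("netadmin", "Blue-Heron#41")]:
        print(n, p, check_user_name(n) + check_password(n, p))
```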

Precautions

After the password is reset, the user is required to change the password upon the first login.

If the login password does not satisfy the user security policy, the system prompts you to change your password. Change your password based on the prompted message.

The undo user-security-policy enable command deletes a security policy for local user names and passwords, which reduces local user account security. Therefore, configuring a local user account security policy is recommended.

The user-security-policy enable command takes effect for new users and does not affect existing users.

After you configure the user-security-policy enable command, the restrictions on local user names and passwords are as follows:

  • The restrictions on local user names take effect when a new user account is created and do not affect existing users in the system.
  • The restrictions on local user passwords take effect when a new user account is created or a user password is modified. Existing users can use their passwords to log in to the device even if their passwords do not meet the restrictions, but the system prompts the users to modify their passwords.

When a local account's irreversible password is changed, it is saved as a ciphertext password that cannot be used for CHAP authentication users, such as PPP users. When a local account's reversible password is changed, it is saved as a ciphertext password that can be used for CHAP authentication users. When a user password is modified, the old password should be entered.

Example

# Configure a user security policy.
<HUAWEI> system-view
[~HUAWEI] user-security-policy enable
Copyright © Huawei Technologies Co., Ltd.