Chapter 9 Authentication

Table 9–10: Authentication: Preferences for X Family User, Session, and Device Security (Continued)

Field
    Description

TOS User Preferences

Security Level
    Determines the length and complexity requirements for passwords. The following options are available:
    • No Security Checking (Level 0)— Usernames cannot have any spaces. Passwords are not required. When this security level is selected, users must still enter a valid username to access the device or network services, but no password is required.
    • Basic Security Checking (Level 2)— User names must be between 6 and 32 characters long; passwords must be between 8 and 32 characters long.
    • Maximum Security Checking (Level 3)— User names must be between 6 and 32 characters long. Passwords must be strong passwords, having between 8 and 32 characters and containing at least one numeric character and one non-alphanumeric character (special characters such as ! ? and *). This is the default setting.

Password Expiration
    Specifies how frequently users are required to change their passwords. You can disable this feature or select a time period (from 10 days up to 1 year) from the drop-down list.
    TIP: Best practices for password security recommend that password expiration periods should be a minimum of 30 days and a maximum of 90 days.

Password Expiration Action
    Determines what action the device takes in response to a password expiration event. The following options are available:
    • Force user to change the password when it expires.
    • Notify user of expiration. If this option is selected, the device notifies the user 5 days before the expiration occurs and at each subsequent login, prompting the user to change the password before accessing the LSM.
    • Disable the account.

Max Login Attempts
    Determines how many failed login attempts are allowed before the system takes the action specified in the Failed Login Action field.

Failed Login Action
    Determines what action the system takes when the Max Login Attempt count has been exceeded. The following options are available:
    • Lockout Account. For this option, specify a Lockout Period.
    • Disable Account
    • Audit Event. This option creates an entry in the Audit log documenting the failed login attempt.

Lockout Period
    If Lockout Account is selected as the Failed Login Action, this value determines the duration of the lockout.
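
An added example, not taken from the X Family documentation or device software: a Python pre-check that applies the Security Level rules from the table above to a batch of accounts before they are provisioned. The function names, the sample accounts, and the reading of "non-alphanumeric" as any character that str.isalnum() rejects are assumptions.

```python
import string

# Rules transcribed from the Security Level row above, keyed by level number.
# The page lists only levels 0, 2 and 3.
LEVELS = {
    0: {"user_len": None, "pass_len": None, "strong": False},
    2: {"user_len": (6, 32), "pass_len": (8, 32), "strong": False},
    3: {"user_len": (6, 32), "pass_len": (8, 32), "strong": True},
}


def check_credentials(level, username, password=""):
    """Return the list of rule violations (empty list = acceptable)."""
    if level not in LEVELS:
        raise ValueError(f"unknown security level: {level}")
    rules, problems = LEVELS[level], []
    if not username:
        problems.append("username is required")
    # The page states the no-spaces rule for Level 0 only; applied there only.
    if level == 0 and " " in username:
        problems.append("username contains a space")
    if rules["user_len"]:
        lo, hi = rules["user_len"]
        if not lo <= len(username) <= hi:
            problems.append(f"username length {len(username)} not in {lo}-{hi}")
    if rules["pass_len"]:
        lo, hi = rules["pass_len"]
        if not lo <= len(password) <= hi:
            problems.append(f"password length {len(password)} not in {lo}-{hi}")
    if rules["strong"]:
        if not any(c in string.digits for c in password):
            problems.append("password has no numeric character")
        # Assumption: "non-alphanumeric" = anything str.isalnum() rejects.
        if all(c.isalnum() for c in password):
            problems.append("password has no non-alphanumeric character")
    return problems


def audit_accounts(level, accounts):
    """Map each failing username to its violations for (user, password) pairs."""
    results = {u: check_credentials(level, u, p) for u, p in accounts}
    return {u: probs for u, probs in results.items() if probs}


# Constructed sample accounts, not taken from any device.
SAMPLE = [("netadmin", "Passw0rd!"), ("admin", "password"), ("auditor01", "longenough1")]

if __name__ == "__main__":
    for lvl in (0, 2, 3):
        print(lvl, audit_accounts(lvl, SAMPLE))
```

The constructed password Passw0rd! passes the Level 3 rules as written, because they test only length and character classes.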

268 X Family LSM User’s Guide V 2.5.1