Configuring authenticated access

Password policy

Password authentication is effective only if the password is sufficiently strong and is changed periodically. By default, the FortiGate unit requires only that passwords be at least eight characters in length. You can set a password policy to enforce higher standards for both length and complexity of passwords. Password policies can apply to administrator passwords or IPsec VPN preshared keys.

To set a password policy in the web-based manager, go to System > Admin > Settings. In the CLI, use the config system password-policy command.

The default minimum password length on the FortiGate unit is eight characters, but up to 128 characters is permitted.

Users usually create passwords composed of alphabetic characters and perhaps some numbers. Password policy can require the inclusion of uppercase letters, lowercase letters, numerals or punctuation characters.

 

Configuring password minimum requirement policy

Best practices dictate that passwords include:

  • one or more uppercase characters l  one or more lower case characters l  one or more of the numerals
  • one or more special characters.

 

The minimum number of each of these types of characters can be set in both the web-based manager and the CLI.

The following procedures show how to force administrator passwords to contain at least two uppercase, four lower care, two digits, and one special character. Leave the minimum length at the default of eight characters.

 

To change administrator password minimum requirements – web-based manager:

1. Go to System > Admin > Settings.

2. Select Enable Password Policy.

3. Select Must Contain at Least.

4. Enter the following information:

 

Upper Case Letters 2
Lower Case Letters 4
Numbers 2
Special Characters 1

 

5. Under Apply Password Policy to, select Administrator Password.

6. Select Apply.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.