Password complexity for the USG2000&5000 series


Password complexity requires that a password shall meet the following conditions at the same time:
- The minimum password length is 8 characters.
- The password is a string containing at least three types out of uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and special characters such as the exclamatory mark (!), pound sign (#), dollar sign ($), and percent sign (%).
- The password cannot be the same as the user name or its reverse.
- A new password cannot be the same as the previous ones.

Other related questions:
Administrator user name and password change for the USG2000&5000 series
For firewalls, once an administrator account is created, the user name cannot be changed. You can change the administrator password on the web UI: 1. Choose System > Administrators > Administrators. 2. Click the Edit icon on the line of the administrator and change the password in the displayed dialog box. In addition, you can run the current-user password-modify command to change the password of the current administrator.

Modifying the administrator password complexity on the USG2000&5000
The password complexity requirement of the USG2000&5000 cannot be modified. After the password policy is enabled, only passwords that meet the password complexity requirement can be successfully configured. Enable or disable the password policy as follows: - On the web UI, choose System > Admin > Administrators, select or deselect Password Policy, and click Apply. - An example of enabling or disabling the password policy through the CLI is as follows: # Enable the password policy. system-view [sysname]aaa [sysname-aaa]password-policy mandatory enable # Disable the password policy. system-view [sysname]aaa [sysname-aaa]undo password-policy mandatory enable By default, the password policy is enabled. After you disable the function, passwords that do not meet complexity requirements can be configured. However, these passwords bring about security risks and you are advised not to disable this function.

Setting the console password on the USG2000&5000
For the login through the console port, the account and password must be set. 1. During the first log, use the default account (admin) and password (Admin@123) of the console port. 2. To prevent an unauthorized user to access the device with the default account and password, you are advised to change this password after your first login to the device. system-view [sysname] user-interface Console 0 [sysname-ui-Console0] authentication-mode local user admin password cipher *********

Setting the SSH password on the USG2000&5000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication. 1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH. 2. Configure connection number limit on the VTY administrator interface. 3. Set the administrator account and password for login through SSH. system-view [sysname] ssh user admin1 [sysname] ssh user admin1 authentication-type password [sysname] aaa [sysname-aaa] local-user admin1 password cipher ********* [sysname-aaa] local-user admin1 service-type ssh [sysname-aaa] local-user admin1 level 3 [sysname-aaa] local-user admin1 access-limit 1 4. Enable the STelnet service on the device. 5. Set the client service mode of the SSH account to STelnet.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top