For security reasons, you can change passwords for the accounts that are used by your Cloud Foundation system. Changing these passwords periodically or when certain events occur, such as an administrator leaving your organization, reduces the likelihood of security vulnerabilities.
You specified passwords for your Cloud Foundation system as part of the bring-up procedure. You can rotate and update some of these passwords using the password management functionality in the SDDC Manager Dashboard or by using cURL API requests. For example:
- Accounts used for service consoles, such as the ESXi root account.
- The single sign-on administrator account.
- The default administrative user account used by virtual appliances.
To provide optimal security and proactively prevent any passwords from expiring, you should rotate passwords every 80 days.
Some tasks require dual authentication, that is, they required a privileged user name and password. You must configure and update the privileged user and password using the vSphere Client. See
Configure Dual Authentication.
Note: Passwords for vRealize, Horizon 7, and PKS components cannot be managed through the SDDC Manager Dashboard.
