The default deployment of NSX Advanced Load Balancer creates an admin account for access to the system. No specific password requirements are mandated for this initial account. Additional user accounts can be created, either as local accounts (username/password) or as remote accounts (which are tied to an external authentication system, such as LDAP). For local accounts, it is possible to enable strong password enforcement. Enabling this option does not impact the passwords of existing accounts. It only affects newly created accounts and existing accounts whose password is being changed.

The strong password enforcement feature does not affect remotely authenticated accounts. It also does not impact the password requirements for the underlying Linux operating system of the NSX Advanced Load Balancer.

Password Requirements (Strong Password Enforcement Enabled)

The password requirements are as follows:

  • Minimum of 8 characters

  • At least one character from each of three of the following four categories:

    • Uppercase letters

    • Lowercase letters

    • Digits

    • Special characters

  • Dictionary words are not allowed.

  • Passwords that are easy to guess are not allowed. For example, the password !QAZxsw2 is not allowed because it is entered using 8 adjacent keys on the keyboard.

You can specify the minimum permissible password length when password complexity is enforced. The configurable minimum password length is 8 characters by default, but can range from 6 to 32 characters.

You can configure minimum password length using the following CLI command.

[admin]: > configure systemconfiguration
[admin]: systemconfiguration > portal_configuration
[admin]: systemconfiguration:portal_configuration > minimum_password_length <value>
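
The requirements listed above can be pre-checked before a candidate password is submitted for a local account. The following Python validator is an added example, not VMware's code or the product's actual algorithm: the word list, the substring dictionary match, and the QWERTY adjacency test used for "easy to guess" are assumptions made for illustration.

```python
import string

# Assumption: US QWERTY layout; shifted number-row symbols map back to their digit key.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Constructed stand-in word list; the product's own dictionary is not given on this page.
SAMPLE_WORDS = {"password", "welcome", "admin", "letmein"}


def is_keyboard_walk(pw):
    """True when every consecutive pair of characters is on the same or a neighbouring key."""
    keys = [POS.get(SHIFTED.get(ch, ch.lower())) for ch in pw]
    if len(keys) < 2 or None in keys:
        return False
    return all(abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
               for a, b in zip(keys, keys[1:]))


def category_count(pw):
    """Number of the four documented character categories present in pw."""
    return sum([any(c.isupper() for c in pw), any(c.islower() for c in pw),
                any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)])


def check_password(pw, min_len=8, words=SAMPLE_WORDS):
    """Return the list of violated rules; an empty list means the candidate passes."""
    if not 6 <= min_len <= 32:  # documented range for minimum_password_length
        raise ValueError("minimum_password_length must be between 6 and 32")
    problems = []
    if len(pw) < min_len:
        problems.append("too_short")
    if category_count(pw) < 3:
        problems.append("too_few_categories")
    if any(w in pw.lower() for w in words):  # assumption: substring match
        problems.append("dictionary_word")
    if is_keyboard_walk(pw):
        problems.append("keyboard_walk")
    return problems


if __name__ == "__main__":
    for candidate in ["!QAZxsw2", "Admin2024!", "abcdefgh", "Tr7!bm#Xz"]:  # constructed samples
        print(candidate, check_password(candidate) or "ok")
```

The documented example !QAZxsw2 satisfies the length and category rules and is rejected only by the adjacency test, which is why a length-and-category check alone is not sufficient.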

Strong password enforcement is enabled by default. You can deactivate it if required.

Note:

Only an account that has the System Administrator role can change this setting.

Enabling Strong Password Enforcement

Strong password enforcement can be enabled using the CLI commands shown below.

bash# shell
: > configure systemconfiguration
: systemconfiguration> portal_configuration
: systemconfiguration:portal_configuration> password_strength_check
Overwriting the previously entered value for password_strength_check
: systemconfiguration:portal_configuration> exit
: systemconfiguration> exit

The following is a truncated view of the results.

+-------------------------------------+----------------------------------+
| Field                               | Value                            |
+-------------------------------------+----------------------------------+
| uuid                                | default                          |
| portal_configuration                |                                  |
|   enable_https                      | True                             |
|   redirect_to_https                 | True                             |
|   enable_http                       | True                             |
|   enable_clickjacking_protection    | True                             |
|   allow_basic_authentication        | False                            |
|   password_strength_check           | True                             |
+-------------------------------------+----------------------------------+

Deactivating Strong Password Enforcement

Warning:

Deactivating strong password enforcement is not recommended.

bash# shell
: > configure systemconfiguration
: systemconfiguration> portal_configuration
: systemconfiguration:portal_configuration> no password_strength_check
Overwriting the previously entered value for password_strength_check
: systemconfiguration:portal_configuration> exit
: systemconfiguration> exit