Perle Systems Technical Notes
Password Strength Checking
Many organizations are now creating policies that require that only strong passwords be used throughout the organization. The best way to enforce this is through the use of centralized authentication servers such as RADIUS or TACACS. However, if these facilities have not been implemented or are available, local password strength checking at the device will provide a method to ensure control over the strength of the password being used.
Perle products with password strength checking enabled will enforce that strong password attributes be used as defined by the NERC CIP-007-3 standard:
- Must be at least 8 characters long
- Have three out of the following four characters in the password;
- Upper case letter
- Lower case letter
- Numeric character
- Special character
- Cannot repeat the same character more than 3 times consecutively
- Cannot be the same as the username
