Administration Guide

Password policy

Password-cracking software does more than plain dictionary attacks. Its rule sets also try the common substitutions of a digit or symbol for a letter, so a password such as p4ssw0rd is recovered almost as quickly as password itself.

Using secure passwords is vital for preventing unauthorized access to your FortiNDR. When changing the password, consider the following to ensure better security:

  • Do not use passwords that are obvious, such as the company name, administrator names, or other obvious words or phrases.
  • Do not rely on substituting numbers or symbols for letters, for example passw0rd or p4ssw0rd; as noted above, cracking tools try these substitutions as a matter of course. Such substitutions only add value on top of a password that is already long and unpredictable.
  • Administrator passwords can be up to 64 characters.
  • Include a mixture of numbers, symbols, and upper and lower case letters.
  • Use multiple words together, or possibly even a sentence, for example: correcthorsebatterystaple.
  • Use a password generator.
  • Change the password regularly and always make the new password unique, not a variation of the existing password. For example, do not change from password to password1.
  • Make note of the password and store it in a safe place away from the management computer, in case you forget it; or ensure at least two people know the password in the event one person becomes unavailable. Alternatively, have two different admin logins.

FortiNDR allows you to create a password policy for administrator passwords and IPsec pre-shared keys. The policy enforces regular changes and a set of complexity criteria, including:

  • The minimum length, between 8 and 64 characters.
  • Which character classes the password must contain:
    • Uppercase (A, B, C) and/or lowercase (a, b, c) letters
    • Numbers (1, 2, 3)
    • Special or non-alphanumeric characters: !, @, #, $, %, ^, &, *
  • Where the policy applies (administrator passwords, IPsec pre-shared keys, or both).
  • How long a password remains valid before a new one must be set.
  • The minimum number of unique characters that a new password must include.

If you add a password policy or change the requirements on an existing policy, the next time that administrator logs into the FortiNDR, the administrator is prompted to update the password to meet the new requirements before proceeding to log in.
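The following is an added example, not FortiNDR code: a small checker that applies the policy criteria listed above to a candidate password, and also applies the normalisation a rule-based cracker performs (lower-casing, undoing digit-for-letter substitutions, dropping a trailing digit suffix) so that p4ssw0rd and Password1! are flagged as dictionary words. The class and function names, the mini wordlist and the reading of "minimum number of unique characters" as characters that do not occur in the previous password are all assumptions made for the example.

```python
"""Added example (not FortiNDR's implementation): a policy checker that mirrors the
criteria above, plus the leet-speak normalisation that makes p4ssw0rd crackable."""

import re
import string
from dataclasses import dataclass

# Character classes, named as the FortiNDR CLI `must-contain` keywords are.
# The symbol set is the one the guide lists; a real policy may accept more.
CLASSES = {
    "upper-case-letter": set(string.ascii_uppercase),
    "lower-case-letter": set(string.ascii_lowercase),
    "number": set(string.digits),
    "non-alphanumeric": set("!@#$%^&*"),
}

# Digit/symbol-for-letter substitutions that cracking rule sets undo routinely.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed stand-in for a cracker's dictionary (assumption, not a real list).
WORDLIST = {"password", "fortinet", "admin", "welcome", "letmein"}


def normalise(candidate):
    """Return the forms a rule-based cracker would try first: strip leading and
    trailing symbols, optionally drop a trailing digit suffix, lower-case, and
    undo leet substitutions."""
    core = re.sub(r"^[^A-Za-z0-9]+|[^A-Za-z0-9]+$", "", candidate)
    variants = {core, re.sub(r"\d+$", "", core)}
    return {v.lower().translate(LEET) for v in variants}


def is_guessable(candidate):
    """True if any normalised form of the candidate is a dictionary word."""
    return bool(normalise(candidate) & WORDLIST)


@dataclass
class PasswordPolicy:
    """Policy criteria as listed above. `min_change_characters` is read here as the
    number of characters in the new password that do not occur in the previous
    one (assumed interpretation of "minimum number of unique characters")."""
    minimum_length: int = 8
    must_contain: tuple = ("upper-case-letter", "lower-case-letter",
                           "number", "non-alphanumeric")
    min_change_characters: int = 0

    def __post_init__(self):
        # The guide allows a minimum length between 8 and 64 characters.
        if not 8 <= self.minimum_length <= 64:
            raise ValueError("minimum-length must be between 8 and 64")
        unknown = set(self.must_contain) - set(CLASSES)
        if unknown:
            raise ValueError(f"unknown must-contain class: {unknown}")

    def violations(self, candidate, previous=None):
        """Return the list of policy violations; an empty list means the password passes."""
        problems = []
        if len(candidate) < self.minimum_length:
            problems.append(f"shorter than {self.minimum_length} characters")
        if len(candidate) > 64:
            problems.append("longer than the 64-character maximum")
        chars = set(candidate)
        for cls in self.must_contain:
            if not chars & CLASSES[cls]:
                problems.append(f"missing required class: {cls}")
        if previous is not None:
            new_chars = chars - set(previous)
            if len(new_chars) < self.min_change_characters:
                problems.append(
                    f"only {len(new_chars)} character(s) not present in the previous password")
        # Complexity rules alone do not catch p4ssw0rd; the dictionary check does.
        if is_guessable(candidate):
            problems.append("normalises to a dictionary word")
        return problems


if __name__ == "__main__":
    policy = PasswordPolicy(minimum_length=8, min_change_characters=4)
    old = "Summer2023!"
    for new in ("p4ssw0rd", "Summer2024!", "correct!Horse!Battery!7!staple"):
        print(f"{new!r}: {policy.violations(new, previous=old) or 'OK'}")
```

The last candidate passes every rule, Summer2024! fails only the change-count rule (a single new character relative to Summer2023!), and p4ssw0rd fails the character-class rules and is additionally flagged because it normalises to password.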

To create a system password policy using the CLI (the following example enables the policy for administrator passwords, with a minimum length of 8 and all four character classes required):

config system password-policy
    set status enable
    set apply-to admin-user
    set minimum-length 8
    set must-contain upper-case-letter lower-case-letter number non-alphanumeric
end
