Filter
Top Products
Appliance User Management
EncrypTight User Guide 105
● Do not use dictionary words. ETEMS does prevent the use of dictionary words, but a password
containing a dictionary word will be rejected by the ETEP.
In addition, the Administrator can place limits on the following:
● Password expiration period, expiration warning notification, and grace period.
● Maximum number of login sessions allowed per user
The ETEP allows three consecutive failed login attempts in a 15 minute period prior to locking an
account. After the third failure the account is locked for 15 minutes. The Administrator can unlock a
disabled account from the CLI.
Related topics:
● “Default Password Policy Conventions” on page 104
● “Adding ETEP Users” on page 106
● “Password Strength Policy” on page 327
Cautions for Strong Password Enforcement
The password expiration feature puts you at risk for a lockout under certain circumstances. Review the
guidelines below to avoid unintended lockouts.
CAUTION
If the Administrators’ passwords expire, all Administrator functionality is lost, including the ability to assign
a new password. The only means of resetting the password is to reformat the ETEP, which reverts all
configurations to their default shipping settings. Reformatting the ETEP requires factory service.
Upgrading Software
To avoid having strong passwords expire during an upgrade process, we recommend minimizing the time
period between a software upgrade operation and reboot.
If you plan to wait a day or more between an upgrade and reboot, disable strong passwords prior to
performing the upgrade. After the upgrade and reboot are complete, re-enable strong passwords.
Note the following:
● Passwords changes that are made between a software upgrade and subsequent reboot do not persist
through the reboot. The password expiration timer does not know if a password is changed during that
window, placing you at risk of a lockout.
● If all administrator account passwords expire, the unit must be returned to the factory.
Removing ETEPs From Service
To avoid having strong passwords expire during a planned service outage or equipment redeployment,
disable strong passwords prior to removing the ETEP from service.
If the password expiration and grace period is exceeded for all administrator accounts while the ETEP is
out of service, all users will be locked out and the ETEP must be returned to the factory.