Switch Firmware v5.00: Password Complexity

Zyxel_Claudia
Zyxel_Claudia Posts: 164  Zyxel Employee
Network Detective-New Adventure Badge Network Detective Badge First Comment Friend Collector

With the latest firmware update, Zyxel Networks now offers Password Complexity Enforcement on supported switch models. This feature, long available in security appliances, is now part of the switch lineup—designed to improve account security and meet stricter compliance requirements in enterprise and regulated environments.

What Is Password Complexity?

Password Complexity ensures that any password used on the switch meets strict security standards. This prevents the use of weak or easily guessable passwords and applies to multiple account types across the system.

Affected Fields

Once enabled, the password complexity policy applies to:

  • Admin passwords
  • User account passwords
  • Enable password (for CLI)
  • SNMP user authentication and privacy passwords

Password Requirements

To meet the complexity requirements, a password must:

  1. Be 9 to 32 characters in length.
  2. Contain at least three of the following four character types:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Special characters (e.g., @ , #, !)
  3. Not match the username
  4. Not use repetitive characters (e.g., aaaa, 7777)
  5. Not use sequential keyboard characters (e.g., 1234, abcd, qwert)
  6. Not reuse the previous password

Enabling the Feature

By default, password complexity is disabled. To enable:

  1. Go to Security > Account Security in the Web GUI.
  2. Toggle "Password Complexity Enforcement" to ON.
  3. Click Apply to save changes.

Once enabled, all future password inputs (via Web GUI or CLI) must meet the above complexity requirements.

Real-Time Error Handling

The system provides interactive feedback if a password doesn't meet requirements. For example:

  • If the password is too short, you’ll see: "Password too short."
  • If it matches the username, you’ll see: "Password cannot match username."
  • If it uses sequences like 123456, you’ll see: "Password must not contain keyboard sequences."

This validation occurs both in the Web GUI and CLI, ensuring consistent behavior.

Use Case: Why Enable Password Complexity?

This feature is especially useful for:

  • Organizations adhering to corporate IT policies
  • Environments subject to government cybersecurity regulations
  • Admin teams aiming to reduce the risk of unauthorized access through weak credentials

When enabled, the switch also provides reminders and tooltips to inform users about the password rules.