Best Practices - Change the Default Admin Password
Solution

Passwords are one of the most important security features used today. It is important for the administrator and all users to have secure passwords that are hard to guess. Having a strong password is the most important thing you can do to secure your account.

We recommend that you change the default password to increase security. Not doing so puts the client at risk of being hacked.

The process of changing a password in Gaia is very simple and we recommend you do so frequently for maximum security.

Here are some simple steps you can take to make your system more secure:

  1. Change the admin default password.

    1. Change the admin password in clish:

      HostName> set user admin password

      New password: <new_password>

      Verify new password: <new_password>

    2. Save the configuration:

      HostName> save config

    3. Log out from the Gaia OS and log in again.

  2. Log in to the WebUI as the admin user and run the First Time Configuration Wizard.

    The First Time Configuration Wizard makes sure the user updates the admin password.


Additional security tips:

  1. For added security, change the hashing algorithm to something other than MD5.

    HostName> set password-controls password-hash-type <SHA256/SHA512>

  2. Force users to change their passwords at the next login.

    HostName> set user VALUE force-password-change <yes/no>

  3. Set these other parameters:

    HostName> set password-controls

    Parameter                 Description
    complexity                Set the required password complexity
    deny-on-fail              Deny user access after too many failed login attempts
    deny-on-nonuse            Deny user access after account unused too long
    expiration-lockout-days   Set the number of days after a password expires until the user gets locked out
    expiration-warning-days   Set the number of days before a password expires that the user gets warned
    force-change-when         Force users to change their passwords after they have been set via "User Management"
    history-checking          Check for re-use of passwords
    history-length            Set the number of password history entries to store, if enabled
    min-password-length       Set the minimum allowed password length
    palindrome-check          Enable the password palindrome check
    password-expiration       Set the time limit for passwords to expire
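
A stored password hash can only be regenerated when the password is set again, so tips 1 and 2 work together: after switching the hash type, accounts that still carry an MD5 hash need a forced password change. The script below is an added example, not Check Point code; it assumes a saved configuration made of clish "set" lines with per-user lines of the form `set user NAME password-hash HASH`, and its sample input and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Check Point code). Assumption: input is saved clish
# "set ..." configuration text with lines "set user NAME password-hash HASH".

# Constructed sample; the hash strings are placeholders, not real credentials.
sample_config() {
cat <<'EOF'
set password-controls password-hash-type SHA512
set password-controls min-password-length 8
set user admin password-hash $1$CONSTRUCTED$placeholderMD5value
set user monitor password-hash $6$CONSTRUCTED$placeholderSHA512value
set user backup password-hash $5$CONSTRUCTED$placeholderSHA256value
EOF
}

# Map a crypt(3)-style hash to its scheme using the "$id$" prefix.
hash_scheme() {
    case "$1" in
        '$1$'*) echo MD5 ;;
        '$5$'*) echo SHA256 ;;
        '$6$'*) echo SHA512 ;;
        *)      echo UNKNOWN ;;
    esac
}

# Read configuration on stdin; print each user whose stored hash is MD5.
md5_users() {
    while read -r w1 w2 user key hash rest; do
        if [ "$w1" = set ] && [ "$w2" = user ] && [ "$key" = password-hash ]; then
            if [ "$(hash_scheme "$hash")" = MD5 ]; then echo "$user"; fi
        fi
    done
}

# Read configuration on stdin; print the configured hash type or "unset".
configured_hash_type() {
    awk '$1 == "set" && $2 == "password-controls" && $3 == "password-hash-type" { t = $4 }
         END { print (t == "" ? "unset" : t) }'
}

# Print the clish commands (from tip 2 above) that make each MD5 user
# pick a new password, so it is re-hashed with the configured algorithm.
remediation_commands() {
    md5_users | while read -r user; do
        echo "set user $user force-password-change yes"
    done
}

sample_config | remediation_commands
```

Run it against a saved copy of the configuration rather than the sample, and review the printed commands before entering them in clish.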

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
