FORT MEADE, Md. — The National Security Agency published guidance today to help administrators secure network infrastructure devices and their credentials. The “Cisco Password Types: Best Practices” Cybersecurity Information Sheet analyzes Cisco’s wide variety of password encryption and hashing schemes to secure passwords stored in configuration files. NSA provides recommendations based on each password type and best practices to help administrators secure sensitive credentials.
Cisco devices are used globally to secure network infrastructure devices, including across the Department of Defense, National Security Systems, and the Defense Industrial Base. Each device has plaintext configuration files that contain settings that control device behavior, determine how to direct network traffic, and store pre-shared keys and user authentication information. Any credentials within Cisco configuration files could be at risk of compromise if strong password types are not used.
The Cybersecurity Information Sheet reviews Cisco’s password type options and evaluates how difficult each password type is to crack, its vulnerability severity, and lists NSA’s recommendation for use.
NSA recommends that Type 8 passwords be enabled and used for all Cisco devices running software developed after 2013. Devices running software from before 2013 should be immediately updated. Type 6 passwords should be used when reversible encryption must be used.
NSA also recommends using privilege levels to restrict access and using multi-factor authentication for administrators managing critical devices.
Read the full Cybersecurity Information Sheet
Visit our full library
for more cybersecurity information and technical guidance.