Audit requirment to Changing Root and Admin passwords every 90 days

Question

We have a new audit requirement to change the password for Root &amp; admin user names every 90 days.
I would like to know what is the impact on the environment, we have 23 devices on 11.4.1 HFX10 (LTM, GTM, EM).
would using the EM task of changing a user password will be sufficient enough? 
Please advise.&nbsp;

samstep · Answer

It is strange that you have such a requirement. Admin and root are system administrator accounts and should never be used unless you have a "break-glass" emergency. Typically you would randomly generate very long and secure passwords for these accounts and would store them in secure digital or physical vaults with all access audited. Regular users should really be on Active Directory/LDAP/TACACS+&nbsp;
Please check out the following Knowledgebase articles:&nbsp;
Configuring a secure password policy for the BIG-IP system:&nbsp;
https://support.f5.com/csp/article/K15497&nbsp;
Characters that should NOT be used in passwords on F5 products:&nbsp;
https://support.f5.com/csp/article/K2873&nbsp;

Forum Discussion

Audit requirment to Changing Root and Admin passwords every 90 days

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

error code 503 redirect irule

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

Related Content

APM Customization: Password Change Validation

Require username and password for virtual server

Password Safety & Security: Passwords vs. Passphrases

F5 App Study Tool with passwords stored in Vault

Automate scp transfers using password

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS