For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AbuAhmad's avatar
AbuAhmad
Icon for Nimbostratus rankNimbostratus
Mar 24, 2017

Audit requirment to Changing Root and Admin passwords every 90 days

We have a new audit requirement to change the password for Root & admin user names every 90 days. I would like to know what is the impact on the environment, we have 23 devices on 11.4.1 HFX10 (LTM, ...
application delivery
BIG-IP
LTM
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Mar 28, 2017

It is strange that you have such a requirement. Admin and root are system administrator accounts and should never be used unless you have a "break-glass" emergency. Typically you would randomly generate very long and secure passwords for these accounts and would store them in secure digital or physical vaults with all access audited. Regular users should really be on Active Directory/LDAP/TACACS+

 

Please check out the following Knowledgebase articles:

 

Configuring a secure password policy for the BIG-IP system:

 

https://support.f5.com/csp/article/K15497

 

Characters that should NOT be used in passwords on F5 products:

 

https://support.f5.com/csp/article/K2873