Allow administrators to define password policy with minimum character change

In previous FortiOS versions, the password policy could only enable or disable a requirement of at least four new characters in the new password. Administrators can now set the minimum number of unique characters in the new password that do not exist in the old password. This setting overrides the password reuse option if both are enabled.

To configure the password policy in the GUI:
  1. Go to System > Settings and navigate to the Password Policy section.
  2. For Password scope, select Admin.
  3. Enter a value for Minimum number of new characters.
  4. Click Apply.

To change an administrator password in the GUI:
  1. Go to System > Administrators and double-click the admin profile.
  2. Click Change Password.
  3. Enter the old and new password. An error appears if there are not enough new characters, and the password rules are displayed. If the new password matches the policy, there is no error message.
  4. Re-enter the new password to confirm it.
  5. Click OK to save the new password.
  6. Click OK to save the admin profile settings.

To configure the password policy in the CLI:
config system password-policy
    set status enable
    set min-change-characters 6
end

To change an administrator password in the CLI:

When the administrator changes the password, an error appears if there are not enough new characters, and the password rules are displayed.

config system admin
    edit admin
        set password oldpassword oldpassword
        New password must conform to the password policy enforced on this device:
        minimum-length=8; the new password must have at least 6 unique character(s) which don't exist in the old password.
        node_check_object fail! for password *
        value parse error before 'oldpassword'
        Command fail. Return code -49
        set password  newchangepassword oldpassword
    next
end
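
To check a saved configuration against the setting described above, the following added example (not Fortinet's code) parses the `config system password-policy` block and reports a disabled policy or a `min-change-characters` value below a baseline. The sample text, the baseline of 6 (taken from the CLI example above) and the function names are assumptions of this example.

```python
# Constructed sample in the same "config / set / end" syntax as the CLI above.
# A real audit would read a saved configuration file instead.
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-example"
end
config system password-policy
    set status enable
    set min-change-characters 2
end
"""

def parse_block(config_text, path):
    """Return the 'set' pairs of one top-level config block, or None if absent."""
    settings, inside, depth = {}, False, 0
    for raw in config_text.splitlines():
        parts = raw.split(None, 2)
        if not parts:
            continue
        if parts[0] == "config":
            # Only match the block at the top level, not a nested table.
            if depth == 0 and raw.split()[1:] == path.split():
                inside = True
            depth += 1
        elif parts[0] == "end":
            depth -= 1
            if depth == 0 and inside:
                return settings
        elif inside and depth == 1 and parts[0] == "set" and len(parts) == 3:
            settings[parts[1]] = parts[2].strip().strip('"')
    return settings if inside else None  # tolerate a truncated file

def audit_password_policy(config_text, required_min_change=6):
    """Return a list of findings; an empty list means the baseline is met."""
    policy = parse_block(config_text, "system password-policy")
    if policy is None:
        return ["no 'config system password-policy' block found"]
    findings = []
    if policy.get("status") != "enable":
        findings.append("password policy status is not 'enable'")
    value = policy.get("min-change-characters")
    if value is None or not value.isdigit():
        findings.append("min-change-characters is not set in this file")
    elif int(value) < required_min_change:
        findings.append(f"min-change-characters is {value}, baseline is {required_min_change}")
    return findings

if __name__ == "__main__":
    print(audit_password_policy(SAMPLE_CONFIG) or "password policy meets the baseline")
```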
