Audit requirment to Changing Root and Admin passwords every 90 days

Question

We have a new audit requirement to change the password for Root &amp; admin user names every 90 days.
I would like to know what is the impact on the environment, we have 23 devices on 11.4.1 HFX10 (LTM, GTM, EM).
would using the EM task of changing a user password will be sufficient enough? 
Please advise.&nbsp;

samstep · Answer

It is strange that you have such a requirement. Admin and root are system administrator accounts and should never be used unless you have a "break-glass" emergency. Typically you would randomly generate very long and secure passwords for these accounts and would store them in secure digital or physical vaults with all access audited. Regular users should really be on Active Directory/LDAP/TACACS+&nbsp;
Please check out the following Knowledgebase articles:&nbsp;
Configuring a secure password policy for the BIG-IP system:&nbsp;
https://support.f5.com/csp/article/K15497&nbsp;
Characters that should NOT be used in passwords on F5 products:&nbsp;
https://support.f5.com/csp/article/K2873&nbsp;

Forum Discussion

Audit requirment to Changing Root and Admin passwords every 90 days

1 Reply

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

BIGIQ/DCD and BIGIP Admin password change

Require username and password for virtual server

APM Customization: Password Change Validation

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases