Password best practices for users
A few steps can help you create strong passwords that protect you and your system. Keep the following best practices in mind when creating a new password in Splunk Enterprise.
Tips for creating strong passwords
- Create unique passwords with a combination of words, numbers, symbols, and both lowercase and capitalized letters.
- Consider groups of words that form a phrase or sentence, such as the opening sentence of your favorite novel or the opening line to a good joke. The ideal password could be an obscure, random phrase that is easy for you to remember, but impossible for an automated system to understand.
- Make your password as long as your system allows. It is increasingly easy to build password-cracking tools that can try hundreds of billions of possible password combinations per second. Each character you add to a password or passphrase increases immunity to brute-force methods.
Avoid the following insecure practices
- Do not choose passwords based on personal information, such as your birth date, your Social Security or phone number, or names of family members.
- Do not use a word from the dictionary. Password-cracking tools are freely available online often come with dictionary lists that will try thousands of common names and passwords. Try using multiple words, adding a numeral to the words, and adding well as punctuation at the beginning or end of the word (or both).
- Never use the same password for different sites.
- Never use the password you've picked for your email account at any online site.
- Do not store your list of passwords on your computer in plain text.
Configure a Splunk password policy in Authentication.conf
Unlock a user password
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1