Splunk® Enterprise

Securing Splunk Enterprise

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Password best practices for users

Use the following best practices to create strong passwords for your users that protect your deployment.

Tips for creating strong passwords

  • Create unique passwords with a combination of words, numbers, symbols, and both lowercase and capitalized letters.
  • Consider groups of words that form a phrase or sentence, such as the opening sentence of your favorite novel or the opening line to a good joke. The ideal password could be an obscure, random phrase that is easy for you to remember, but impossible for an automated system to guess.
  • Make your password as long as your system lets you. It is increasingly easy to build password-cracking tools that can try hundreds of billions of possible password combinations per second. Each character you add to a password or passphrase increases resistance to brute-force methods.

Avoid the following insecure practices

  • Do not choose passwords based on personal information, such as your birth date, your Social Security or phone number, or the names of family members.
  • Do not use a word from the dictionary. Password-cracking tools that are freely available online often come with dictionary lists that will try thousands of common names and passwords. Try using multiple words, adding a numeral to the words, or adding punctuation at the beginning or end of the word, or both.
  • Never use the same password for different websites.
  • Never use the password you've picked for your email account at any online website.
  • Do not store your list of passwords on your computer in plain text, or even on a piece of paper.
Last modified on 04 May, 2024
Configure a Splunk Enterprise password policy using the Authentication.conf configuration file   Unlock a user account

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters