Password best practices for users
Use the following best practices to create strong passwords for your users that protect your deployment.
Tips for creating strong passwords
- Create unique passwords with a combination of words, numbers, symbols, and both lowercase and capitalized letters.
- Consider groups of words that form a phrase or sentence, such as the opening sentence of your favorite novel or the opening line to a good joke. The ideal password could be an obscure, random phrase that is easy for you to remember, but impossible for an automated system to guess.
- Make your password as long as your system lets you. It is increasingly easy to build password-cracking tools that can try hundreds of billions of possible password combinations per second. Each character you add to a password or passphrase increases resistance to brute-force methods.
Avoid the following insecure practices
- Do not choose passwords based on personal information, such as your birth date, your Social Security or phone number, or the names of family members.
- Do not use a word from the dictionary. Password-cracking tools that are freely available online often come with dictionary lists, and they use those lists to try thousands of common names and passwords. Try using multiple words, adding a numeral to the words, or adding punctuation at the beginning or end of the word, or both.
- Never use the same password for different websites.
- Never use the password you've picked for your email account on any website.
- Do not store your list of passwords on your computer in plain text, or even on a piece of paper.
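The following Python sketch is an added example, not part of the Splunk documentation. It shows how length and character mix change the time an exhaustive search needs, and it flags the dictionary-word and personal-information practices listed above. The function names, the rate of 100 billion guesses per second, and the sample word list are assumptions made for the illustration, and only printable ASCII characters are counted.

```python
import string

# Assumption: 100 billion guesses per second, the low end of the
# "hundreds of billions" rate mentioned in the tips above.
GUESSES_PER_SECOND = 100e9

# Constructed sample word list; a real check would use a far larger one.
SAMPLE_DICTIONARY = {"password", "dragon", "welcome", "monkey", "sunshine"}


def charset_size(password):
    """Size of the printable-ASCII alphabet an exhaustive search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus the space
    return size


def average_crack_seconds(password, rate=GUESSES_PER_SECOND):
    """Expected seconds to find the password by trying every combination."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / 2 / rate  # on average half the keyspace is searched


def audit(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the practices from this page that the password violates."""
    findings = []
    lowered = password.lower()
    if lowered in dictionary:
        findings.append("dictionary word")
    if any(item and item.lower() in lowered for item in personal_info):
        findings.append("personal information")
    if charset_size(password) < 95:  # 95 = all four classes present
        findings.append("missing a character class")
    return findings


if __name__ == "__main__":
    for length in (8, 12, 16):
        pw = "aB3!" * (length // 4)  # constructed sample, all four classes
        years = average_crack_seconds(pw) / 31_557_600
        print(f"{length} characters: about {years:.3g} years on average")
```

The estimate covers exhaustive search only, so a password that `audit` flags as a dictionary word or as containing personal information can fall much sooner than the number suggests.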
This documentation applies to the following versions of Splunk Cloud Platform™: 9.2.2406 (latest FedRAMP release), 8.2.2201, 8.2.2203, 8.2.2112, 8.2.2202, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403