111Step Command Remarks4. Configure the passwordcomposition policy for superpasswords.password-control supercomposition type-numbertype-number [ type-lengthtype-length ]• In non-FIPS mode, a defaultsuper password must contain atleast one character type and atleast one character for eachtype.• In FIPS mode, a default superpassword must contain fourcharacter types and at leastone character for each type.Displaying and maintaining password controlExecute display commands in any view and reset commands in user view.Task CommandDisplay password control configuration. display password-control [ super ]Display information about users in thepassword control blacklist.display password-control blacklist [ user-name name | ipipv4-address | ipv6 ipv6-address ]Delete users from the password controlblacklist. reset password-control blacklist [ user-name name ]Clear history password records. reset password-control history-record [ user-name name |super [ role role name ] ]NOTE:The reset password-control history-record command can delete the history password records of one orall users even when the password history function is disabled.Password control configuration exampleUnless otherwise noted, devices in the configuration example are operating in non-FIPS mode.Network requirementsConfigure a global password control policy to meet the following requirements:• An FTP or VTY user failing to provide the correct password in two successive login attempts ispermanently prohibited from logging in.• A user can log in 5 times within 60 days after the password expires.• A password must contain at least 16 characters.• A password expires after 30 days.• The minimum password update interval is 36 hours.• The maximum account idle time is 30 days.• A password cannot contain the username or the reverse of the username.