Updated on 2026-06-04 GMT+08:00

Weak Passwords

Description

  • Weak passwords
    • A COMMON-PV password is considered to be weak (or invalid) if it meets any of the following conditions:
      • It has less than 6 or more than 32 characters.
      • The password contains fewer than three types of characters. For details about supported characters, see Table 1.
      • The password contains invalid characters, that is, characters that are not listed in Table 1.
      • The password contains more than two consecutive identical characters.
      • The password is defined in the weak password list.
      • The password is defined in the PV root weak password list.
    • An ECS-PV password is considered to be weak (or invalid) if it meets any of the following conditions:
      • It has less than 8 or more than 26 characters.
      • The password contains fewer than four types of characters. For details about supported characters, see Table 1.
      • The password contains invalid characters, that is, characters that are not listed in Table 1.
      • The password contains more than two consecutive identical characters.
      • The password is defined in the weak password list.
      • The password is defined in the PV root weak password list.
      • The username is the same as the password or the password spelled backwards.
  • Password complexity requirements

    The password complexity requirements for ECSs apply to two scenarios: ECS creation and password reset.

    Table 1 Password complexity requirements

    Password Complexity Requirements

    ECS Creation

    Password Reset

    Length

    Must contain 8 to 26 characters. For specific requirements on the password length, see the information displayed on the console.

    Must contain 8 to 26 characters. For specific requirements on the password length, see the information displayed on the console.

    Characters

    Must contain at least three of the supported four character types.

    Must contain at least three of the supported four character types.

    Security

    • Cannot contain the username or the username spelled backwards.
    • Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)
    • Cannot contain the username or the username spelled backwards.
    • Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)

    Other

    None

    Cannot start with a slash (/) for Windows ECSs.

    Supported characters

    Uppercase letters

    Uppercase letters

    Lowercase letters

    Lowercase letters

    Digits

    Digits

    • Special characters for Linux ECSs: !@$%^-_=+[{}]:,./?~#*
    • Special characters for Windows ECSs: !@$%^-_=+[{()}]:,./?~#*
    • Online password reset:

      @%-_=+[]:./^,{}? (only applied to Linux)

      $@%-_=+[]:./,? (only applied to Windows)

    • Offline password reset:

      Special characters for Linux ECSs: !@%-_=+[]:./?

      Special characters for Windows ECSs: !@%-_=+[]:./?

FAQs