||This procedure configures the router to require an enable password and an enable secret password using Cisco IOS commands.
||Onsite or remote
||Provisioning or higher
To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands accomplish the same thing; that is, they allow you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify.
We recommend that you use the enable secret command because it uses an improved encryption algorithm.
If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
If neither the enable password command nor the enable secret command is configured, and if there is a line password configured for the console, the console line password serves as the enable password for all VTY sessions.
Use the enable password or enable secret commands with the level keyword to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level configuration command to specify the commands accessible at various levels.
You can enable or disable password encryption with the service password-encryption command. If you have the service password-encryption command enabled, the password you enter is encrypted. When you display it with the more system:running-config command, it is displayed in encrypted form.