How can we help?

Device community string and password best practices


Password standards differ across device vendors. Some special characters allowed by one vendor may not be allowed by the next, and that can cause credentials to be invalid.

For best practices for SSH access, click here.

Rather than pick through thousands of device vendors to determine which characters are valid and which aren’t, we thought it easiest to provide a recommended character set for SNMP community strings and Telnet or SSH login passwords.

SNMP community strings are commonly set up as octet string, which should accept all characters, but they might not always work as expected. Here’s what we recommend:

  1. Create community strings of 20 characters or more. Some devices accept up to 32 characters.
  2. Include a mix of uppercase characters, lowercase characters, digits, and special characters. Special characters to avoid include @ and the colon (:).
  3. Don’t use dictionary words.
  4. Don’t include any personal or corporate information.
  5. For SNMP, make sure public and private community strings are different.
  6. Apply different community strings to different devices.

While SNMPv2 has community based authentication and no data encryption, for SNMPv3 algorithms, they must include one of the following authentication and privacy protocols.

Auth Protocols: MD5 and SHA
Privacy Protocols: DES, 3DES-EDE, AES-128, AES-192, and AES-256 

Was this article helpful?
2 out of 5 found this helpful
Have more questions? Submit a request