Understanding federal recommendations for Cisco security and password types

The National Security Agency (NSA), one of the U.S. government’s leading authorities on cybersecurity, continues to shape best practices for credential protection. In the 2025 Bitwarden State of Password Security report, the NSA received a ‘Very Good’ rating for its clear guidance on strong password practices and its explicit support for password manager use, which is a critical tool for both public and private sector security. 

In a recent update, the NSA published the Cisco Password Types: Best Practices information sheet, offering specific recommendations for securing Cisco device credentials. The guidance outlines different Cisco password storage schemes and provides actionable recommendations for organizations looking to harden network infrastructure against credential compromise. These insights are especially timely given recent threats such as Volt Typhoon and ongoing reports of state-sponsored groups targeting router and switch misconfigurations to gain persistent access to enterprise and critical infrastructure networks.

Cisco offers a broad range of security tools designed to help organizations defend against evolving cyber threats while simplifying infrastructure protection. Its portfolio includes firewalls, intrusion prevention systems, advanced threat protection, and unified security operations aimed at safeguarding sensitive information and systems.

In a press release accompanying its Cisco Password Types: Best Practices information sheet, the NSA emphasized the stake: 

“Cisco devices are used globally to secure network infrastructure devices… across the Department of Defense, National Security Systems, and the Defense Industrial Base…any credentials within Cisco configuration files could be at risk of compromise if strong password types are not used.”

The agency published the guidance in response to a rise in network infrastructure compromises, in which adversaries obtained hashed passwords and other sensitive data from misconfigured or insufficiently protected Cisco devices. To address these risks, the NSA evaluated Cisco’s available password hashing and encryption schemes, assessing each one for “difficulty to crack and recover the plaintext password, their vulnerability severity, and the agency’s recommendations for use.”

The high-level table in the document summarizes these password types alongside impact levels and recommended usage, giving system administrators clear, actionable direction.

Image credit: NSA

In its analysis, the NSA highlights just one Cisco password type as recommended for secure use: Type 8. Before diving into the technical details, the agency underscores the importance of NIST (National Institute of Standards and Technology) guidance. As a key authority on federal cybersecurity standards, NIST has published risk management frameworks, identity authentication guidelines, and password security best practices. The agency received a ‘Very Good’ rating in the Bitwarden State of Password Security report for its comprehensive, up-to-date guidance.

Returning to the NSA’s evaluation of Cisco password types, here is the agency’s assessment of Type 8, quoted directly from the information sheet:

Type 8 passwords are hashed with the PasswordBased Key Derivation Function version 2 (PBKDF2), SHA-256, an 80-bit salt, and 20,000 iterations, which makes it more secure in comparison to the previous password types. The passwords are stored as hashes within the configuration file. Type 8 is less resource intensive than Type 9 passwords. No known issues have been found regarding Type 8 passwords. NSA recommends using Type 8.

In simpler terms, Type 8 stands out because it relies on advanced hashing techniques that convert plaintext passwords into a string of “unintelligible numbers and letters using the most secure, industry standard encryption algorithms” This method helps protect against common attacks, including brute force or dictionary-based guessing.

Image credit: Okta

The NSA also reminds administrators that strong password creation is essential regardless of the encryption method. Recommendations include using at least 15 characters, combining numbers, letters, and symbols, avoiding predictable patterns, and assigning privileges based on user roles.

For a deeper dive into federal password guidance, visit the NSA cybersecurity library or explore the full Bitwarden State of Password Security report.

To put these practices into action and get started securing your passwords today, sign up for a Bitwarden Basic Free Account or a free 7-day trial of our business plans to empower your company with secure password management.