Is there a max password size for the UTM?

I'm trying to install a new UTM and am being defeated with the setting of the password.

There appears to be no stated max password size so I'm using a secure one from a password manager.

The UTM continually tells me the passwords don't match.

Over... and over... and over...

Am I missing something?

  • Yes, we often have problems with password length and complexity.

    12 characters should work ... default ASCII characters too.

    But some days ago we had a thread where the "#" isn't allowed within IPSEC-RAS-Password ... but working within SSL-RAS-VPN or User-Portal.

    Each component used within UTM/SG has its own password-characteristics.


    Sophos Solution Partner since 2003

  • The max password size is at least 15 characters.  In general, the UTM doesn't like characters with diacritical marks - I know that's true with names, but I don't know about passwords.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • Not to hijack your thread, but my goodness whenever Sophos made the change to require a complex, but not too complex, password on initial install, kind of created a PITA.

    Here's my deal: I often install these virtually, especially for lab purposes, and don't have the ability to copy-paste the complex passwords. Or, I'm going to load an old config over the top anyways as soon as I get through the initial reboot. Yet, I have to create a complex, but not too complex password. I used to enter in "mybadpass" and move on... I get Sophos is trying to push security, but, the screen appears glitchy at times too, and it's frustrating as heck.

    When you change the password, it seems like you have to click the EULA off and on (or change something else, too) to get it to "register" you want to "try again." Backwards progress on this change. 

    Again, sorry to hijack your thread, OP. 

  • Agreed.
    The "not too complex" is absolutely foolish and ill-advised.
    I assume this is some British intelligence service asking vendors to make passwords hackable to any government agency that really wants to get in.

    They intentionally fail to realize this allows any adequately endowed geek, creep, or goon.