Enable vs Enable Secret Password

On Cisco devices, there are a number of ways that you can protect resources with the use of passwords. Two common ways to achieve this is via the enable password command and enable secret password command. The main difference between enable and enable secret is encryption. With enable, the password that you give is stored in a plain text format and is not encrypted. With enable secret password, the password is actually encrypted with MD5. In the simplest sense, enable secret is the more secure way.

With Cisco, it is possible to view the stored passwords as they are a part of the configuration file. When you view them, you will see the actual password that you need to enter with enable password. The same will also reveal the password made by enable secret. But, it will be in its encrypted form and cannot be entered as the password in its current state.

Although using enable secret is relatively safer than using enable password, it is not uncrackable. Actually, it is relatively easy to crack the encrypted password of enable secret by searching for tutorials and tools online. It’s just a matter of knowing what you are doing and having the right resources to execute it. So, for a capable person, both enable and enable secret cannot block access, but just add a small amount of delay.

There are cases where enable and enable secret are good enough in limiting access to your devices. But in cases where you really do not want to block access, it is best to use another command ‘service password-encryption’ as it provides better security. It still encrypts the password that you enter, but with a more complex algorithm that is virtually impossible to crack with tools and computing power that is commonly available nowadays.

Summary:

1.Enable secret encrypts the password while enable does not
2.The enable password can be seen with a command while the enable secret password cannot
3.The enable secret password can still be cracked with the right tools

Sharing is caring!