#### Types of Encryption - Type 0 - plaintext - `username <> password <>` - Type 5 - MD5 - `username <> secret <>` - Type 7 - Vigenere - `service password-encryption` - Type 8 - PBKDF2 with SHA-256 - `username <> alrgorithm-type sha256 secret <>` - Type 9 - SCRPYPT - `username <> alrgorithm-type scrypt secret <>` > Type 7 is only used with the `service password-encryption` feature, which can be easily cracked. This is only used for preventing over the shoulder looks, see the below example: ``` show running-config > username admin password cisco (config)# service password-encryption show running-config > username admin password 7 01100F175804 ``` #### Creating a User ``` ! Type 0 username {username} password {password} ! Type 5 username {username} secret {password} ! Type 8 or 9 username {username} algorithm-type { sha256 | scrypt } secret {password} ``` #### Enable Passwords Enable password are a tool for administrators to increase their privileges to the maximum, which is privilege level 15, which has all access to the device. ```none enable password <> ``` - Stored in **cleartext** unless encrypted with `service password-encryption` (Level 7). - Not recommended for modern deployments, as it can be cracked easily. ```none enable secret <> ``` ``` show running-config > username admin secret 5 $9$YeaXVbtVOzNIa ``` - Encrypted using **MD5** by default (level 5). - Overrides `enable password` if both are configured. This password can be used by admins by issuing the `enable` command from User EXEC mode. Mor einfo on these privilege levels in [[Local Privilege & Role-Based Access Control (RBAC)]].