Quiz Entry - updated: 2026.07.05
How do you secure privileged EXEC mode access, and why use enable secret instead of enable password?
Use enable secret password in global config — it stores a one-way hash (Type 5/MD5 on this classic IOS), whereas enable password is plaintext by default, so enable secret is always the right choice.
Switch(config)# enable secret class
Switch(config)# exit
Why use enable secret:
enable secretstores the password as a one-way hash — Type 5 (MD5) on the classic IOS taught here; newer IOS supports stronger algorithms (Type 8/9)enable passwordstores the password in plaintext by default- If both are configured,
enable secrettakes precedence
Always use enable secret for privileged EXEC protection.
Go deeper:
Cisco IOS (Wikipedia) — the IOS password-storage model and why a hashed secret beats a plaintext password.