US Trends

what command will prevent all unencrypted passwords from displaying in plain text in a configuration file?

The command you’re looking for is:

(config)# service password-encryption

Quick Scoop

On Cisco IOS devices, running service password-encryption tells the device to encrypt all currently configured, plain-text passwords in the running configuration. This includes things like console, VTY, and line passwords so they no longer appear in clear text when you do a show running-config.

Think of it as flipping a switch: all those readable passwords get converted into type 7–style encrypted strings, which are at least not human-readable at a glance. It’s not strong cryptography by modern standards, but it does prevent casual viewing in plain text, which is exactly what the question is asking.

Why this specific command?

  • Other options like enable secret Secret_Password or enable secret Encrypted_Password only protect the enable password, not all passwords in the config.
  • service password-encryption applies to all unencrypted line passwords already configured on the device.
  • This is a classic CCNA / networking exam-style question, and the officially accepted correct answer is always service password-encryption.

Mini example

  1. You configure a console password:
    line console 0
    password cisco123
    login

  2. Before encryption, show running-config will show password cisco123 in plain text.

  1. After you run:
    config terminal
    service password-encryption

  2. That same section will now show a scrambled, non-plain-text value instead of cisco123.

Final exam-style answer:
(config)# service password-encryption

Note: Information gathered from public forums or data available on the internet and portrayed here.