Another useful command prevents passwords from showing up as plain text when viewing the configuration files. This is the service password-encryption command.

This command causes the encryption of passwords to occur when a password is configured. The service password-encryption command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over media. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.

If you execute the show running-config or show startup-config command prior to the service password-encryption command being executed, the unencrypted passwords are visible in the configuration output. The service password-encryption can then be executed and the encryption will be applied to the passwords. Once the encryption has been applied, removing the encryption service does not reverse the encryption.

In the figure, practice entering the command to configure password encryption.