
Decrypting Type 7 Passwords (enable password)

The big difference between the enable password and the enable secret is the encryption level.

The enable password by default is saved in clear text so when looking at the running-configuration of the router you will be able to read the password. It is possible to encrypt this password using the service password-encryption command.

The service password-encryption command will also encrypt all other clear text passwords on your router including the VTY, AUX, Console and User passwords. Although the service password-encryption command encrypts your passwords so you can no longer read them in the running-configuration, the encryption algorithm is not very secure.

If we look at the running-configuration of my router in the article Setting the enable password and secret on a Cisco device, you will see that after the service password-encryption command was issued the password was stored in the running-configuration as:

enable password 7 12180A1E02

The number ‘7’ tells me the type of password; the rest of the string is the password in its encrypted format.

Copy and paste the password without the ‘7’ into the form below, and see just how easy it is to decrypt the enable password.

 

NOTE: Please only use the below form for password recovery and demonstration purposes!

 

 

Enter encrypted password:

Decrypted password is:
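
The same reversal can be run offline against a saved configuration to find every password that service password-encryption has only obfuscated. The Python script below is an added example, not part of the original article or of any Cisco tool; it assumes the publicly known fixed Type 7 XOR table, and the sample configuration is constructed (its first value is the one shown above, the second is a constructed test string).

```python
import re

# Publicly known fixed XOR table that IOS uses for Type 7 obfuscation.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# "password 7 <value>" at the end of a line: enable, line and username passwords.
TYPE7_RE = re.compile(r"\bpassword\s+7\s+([0-9A-Fa-f]+)\s*$", re.IGNORECASE)

# Constructed sample configuration; the second value is a constructed test string.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 12180A1E02
line vty 0 4
 password 7 0822455D0A16
 login
"""


def decode_type7(value: str) -> str:
    """Reverse a Type 7 string: 2 decimal digits of offset, then hex byte pairs."""
    if len(value) < 4 or len(value) % 2 or not value[:2].isdigit():
        raise ValueError(f"not a Type 7 string: {value!r}")
    offset = int(value[:2])
    try:
        body = bytes.fromhex(value[2:])
    except ValueError:
        raise ValueError(f"not a Type 7 string: {value!r}") from None
    # Each byte is XORed with the table entry at (offset + position), wrapping.
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(body))
    return plain.decode("ascii", errors="replace")


def audit_config(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, config line, recovered password) for each Type 7 entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = TYPE7_RE.search(line)
        if match:
            findings.append((number, line.strip(), decode_type7(match.group(1))))
    return findings


if __name__ == "__main__":
    for number, line, password in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {line!r} is reversible, password = {password!r}")
```

Any line the script reports should be treated as a clear-text credential when the configuration is stored, shared or backed up.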

 

 

 
