Use of passwords is an important security measure in Couchbase.
Couchbase Server supports several passwords:
Administrative passwords for Couchbase administrators and LDAP administrators
Bucket passwords to secure data access to each bucket
As a security best practice, choose passwords that are strong and periodically updated:
To be strong, a password should have at least eight characters, including characters from three of the following five groups: lowercase letters; uppercase letters; numbers; symbols; unicode characters.
Passwords should be rotated periodically, based on an organization’s requirements.
CRAM-MD5 is deprecated in Couchbase Server version 4.5. Use SCRAM-SHA enabled SDKs instead. See these two blogs for more information: http://blog.couchbase.com/2016/may/improved-security-couchbase-4.5-scram-sha, http://blog.couchbase.com/2016/watching-scram-authentication-in-java.
You can reset any forgotten administrative passwords using the cbreset_password tool.