service password-encryption command

All passwords configured on an IOS device, with the exception of the passwords configured with enable secret password, are stored in clear-text in the device configuration file. This means that all that attacker needs to do to find out the passwords is to run the show running-config command:

show running-config passwords

Notice how console and VTY passwords are displayed in clear-text. To encrypt them, you can use the service password-encryption global configuration command:

service passsword encryption command

Notice how passwords are now stored in encrypted form:

encrypted passwords


Although somewhat useful, this method of password encryption is not considered to be especially secure, since there are tools that can crack it. Use the service password-encryption command with additional security measures.
Geek University 2021