What command can be used to prevent unencrypted passwords from showing in plaintext?

The command "service password-encryption" is used in Cisco devices to prevent unencrypted passwords from being displayed in plaintext within the device's configuration files. When this command is enabled, any passwords that are configured on the device will be automatically encrypted using a weak encryption algorithm, ensuring that they are not easily readable by unauthorized users who might have access to the device's configuration.

This not only helps in enhancing security by obscuring sensitive information but also serves to remind network administrators of the importance of protecting user credentials. While the encryption provided by this command is moderate and considered weak by modern standards, it still adds a layer of protection that is better than leaving passwords exposed in plaintext.

The other options do not reflect appropriate Cisco IOS commands or concepts related to password protection in device configurations, which is why they do not serve the intended purpose of masking passwords effectively.