locked
Password complexity RRS feed

  • Question

  • If requirement for password is written as "Password may not contain all or part of the user's account name" does it mean none of the letters from account name can be used in the password?
    Tuesday, May 14, 2013 1:24 PM

All replies

  • Tuesday, May 14, 2013 1:54 PM
  • [Full Name] and [Account Name] are 2 different entities.

    In some cases [Full Name] is not available if you have generic account like Postmaster, Administrator.

    Tuesday, May 14, 2013 3:57 PM
  • This password requirement states that the password may not contain 3 or more consecutive characters of a user's full name.

    The example to this are:

    1: P@ssword4abc123 is an invalid password for user abc123 even though it passes all checks because it contains the account name "abc123".

    2: ohn5#@32fl00r is an invalid password for user John Smith even though it passes all checks because it contains 3 consecutive characters "ohn" of the user's full name.


    Thanks, AT

    • Proposed as answer by FarnhamSurrey Friday, May 17, 2013 9:29 AM
    Thursday, May 16, 2013 10:30 AM
  • This password requirement states that the password may not contain 3 or more consecutive characters of a user's full name.

    Requirements are provided by the customer and written as "Password may not contain all or part of the user's account name". There is nothing about 3 or more consecutive characters.
    Thursday, May 16, 2013 8:21 PM
  • This password requirement states that the password may not contain 3 or more consecutive characters of a user's full name

    Apologies for not eloborating it.

    This is actually an example considered to translate the requirement. If we assume that users account name cannot be a part of password, need to finalize how many characters resemble user name. I considered 3+ as lesser than that would not make much sense.


    Thanks, AT

    Friday, May 17, 2013 8:54 AM