Complexity Rules Help:

Passwords cannot be too similar
The Similarity rule rejects passwords that are similar to a user's current password. Password similarity may indicate that someone is serializing their passwords, for example "password1", "password2", "password3", and so on.
Password serialization should be avoided because it may allow an attacker to easily guess the new password.
Choose a new password where the maximum number of consecutive matching characters is less than six (6). For example, the two passwords "oldpasswd" and "newpasswd" contain six consecutive matching characters ("passwd"). PWChange will reject the new password if six (6) or more consecutive characters match the old password.

May not contain part of your user or Display Name
The User Logon or Display Name rule rejects passwords that are similar to a user's logon name (user name) or Display Name. Passwords that are similar to a user's name are not desirable because they are easily guessed.
For example, the logon name "mjones" and the password "Jonestown" contain consecutive matching characters ("jones" in the logon name, "Jones" in the password). PWChange will reject this password if the password contains four (4) or more consecutive matching characters.

Avoid the following characters: @ % & ? / \ + ,
These characters cause problems in some of the systems we use, which interpret them as command elements and will not work with them as part of your password.

Password cannot be common, as in found on compromised lists
The Compromised password rule rejects the worst of the real-world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use, as they are at much greater risk of being used to take over other accounts. PWChange will reject approximately 250 million of the most breached passwords.
For example, the worst password is "123456", which had been seen 22,390,492 times in breaches.
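
The four rules above, applied together to a candidate password. This is an added example, not PWChange's own code: the thresholds (six and four) and the character list come from this page, while ignoring case, comparing each word of the Display Name separately, and the three-entry BREACHED set standing in for the real list are assumptions.

```python
# Added example: not PWChange's code. Thresholds and the character list come
# from the rules above; everything else is an assumption.
FORBIDDEN = set("@%&?/\\+,")
BREACHED = {"123456", "password", "qwerty"}  # constructed stand-in for the ~250M list


def longest_common_run(a: str, b: str) -> int:
    """Length of the longest run of consecutive characters shared by a and b.

    Case is ignored (assumption, suggested by the mjones/Jonestown example).
    """
    a, b = a.lower(), b.lower()
    best = 0
    prev = [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, start=1):
            if ch == other:
                cur[j] = prev[j - 1] + 1  # extend the run ending at the previous pair
                best = max(best, cur[j])
        prev = cur
    return best


def check_password(new, old, logon, display_name):
    """Return the list of rules the new password breaks (empty list = accepted)."""
    failures = []
    if longest_common_run(new, old) >= 6:
        failures.append("too similar to current password")
    # Assumption: each word of the Display Name is compared separately.
    names = [logon] + display_name.split()
    if any(longest_common_run(new, n) >= 4 for n in names):
        failures.append("contains part of logon or Display Name")
    bad = sorted(FORBIDDEN & set(new))
    if bad:
        failures.append("contains characters to avoid: " + " ".join(bad))
    if new in BREACHED:
        failures.append("found on compromised list")
    return failures


if __name__ == "__main__":
    # Constructed sample user: logon "mjones", Display Name "Mary Jones".
    for candidate in ("newpasswd", "Jonestown", "Tr33&house/", "123456"):
        print(candidate, check_password(candidate, "oldpasswd", "mjones", "Mary Jones"))
```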