Password Policy Enforcer User Logon Name Rule

User Logon Name Rule

The User Logon Name rule rejects passwords that are similar to a user's Active Directory logon name. Passwords that are similar to a user's logon name are not desirable because they are easily guessed.

Select the Enabled check box to enable the User Logon Name rule.

Select the Detect character substitution check box if PPE should reject passwords that rely on character substitution to comply with this rule.

Select the Bi-directional analysis check box if PPE should additionally test passwords with their characters reversed. Enabling bi-directional analysis stops users from circumventing this rule by reversing the order of characters in their password. For example, a user may enter "emannogolym" instead of "mylogonname".

Choose a value from the Tolerance drop-down list to specify the maximum number of consecutive matching characters that PPE will tolerate before rejecting a password. For example, the logon name "maryjones", and the password "Jonestown" contain five consecutive matching characters (shown in bold type). PPE will reject this password if the tolerance is four (or lower), and accept it if the tolerance is five (or higher). Choose the Auto value to reject passwords that contain the user's entire logon name.

Click the Messages tab to customize the Password Policy Client rule inserts for this rule.