The Okta password policy is not being applied correctly:
- A password is rejected even though it meets all requirements configured in the password policy, OR
- A password is accepted when it is expected that it should be rejected
Password does not conform to "Does not contain part of username" logic

Resolution:
- Check whether the "Does not contain part of username" option is selected in the password policy. The logic this setting uses is as follows:
  - The policy analyzes the username as "parts" that are separated by punctuation
  - Any part that contains fewer than 4 characters is not considered by the policy
  - The password cannot contain any of these individual parts in their entirety, but can contain a set of characters that comprise a portion of an individual part

Note: Common top-level domains such as "com", "net", and "gov" are not considered as parts, and are therefore allowed in passwords.

- Username email@example.com contains the following parts: jones and business. "Ed" is not considered as a part since it is less than 4 characters.
  - User attempts to set password to ed123456. Password is accepted, because "Ed" is not considered to be a password "part".
- Username firstname.lastname@example.org contains the following parts: andy, smith, and business.
  - User attempts to set password to smith321. Password is rejected, because it contains the part "smith".
- Username email@example.com contains the following parts: asmith and business.
  - User attempts to set password to smith321. Password is accepted despite containing "smith", because smith is an incomplete portion of the part "asmith".
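
The part-splitting and matching rules described above can be reproduced locally to predict whether a given password will be accepted. The following Python is an added example, not Okta's code. It assumes that "punctuation" means any non-alphanumeric character, that matching is case-insensitive, and that only the three top-level domains named above are exempt; the sample usernames are constructed to yield the parts listed in the examples.

```python
import re

# Top-level domains the article names as exempt. The full list Okta uses is
# not given on the page, so only these three are included (assumption).
EXEMPT_TLDS = {"com", "net", "gov"}
MIN_PART_LEN = 4  # parts with fewer than 4 characters are ignored


def username_parts(username):
    """Split a username on punctuation and keep the parts the policy considers."""
    # Assumption: "punctuation" is any run of non-alphanumeric characters.
    raw = re.split(r"[^A-Za-z0-9]+", username.lower())
    return [p for p in raw if len(p) >= MIN_PART_LEN and p not in EXEMPT_TLDS]


def violating_parts(username, password):
    """Return the username parts that appear in their entirety in the password."""
    # Assumption: the comparison ignores case.
    lowered = password.lower()
    return [p for p in username_parts(username) if p in lowered]


def is_allowed(username, password):
    """True when the password contains no complete username part."""
    return not violating_parts(username, password)


# Constructed sample usernames (hypothetical), chosen to produce the parts
# listed in the three examples above.
CASES = [
    ("ed.jones@business.com", "ed123456"),
    ("andy.smith@business.com", "smith321"),
    ("asmith@business.com", "smith321"),
]

if __name__ == "__main__":
    for user, pw in CASES:
        hits = violating_parts(user, pw)
        verdict = f"rejected (contains {', '.join(hits)})" if hits else "accepted"
        print(f"{user:26} {pw:10} parts={username_parts(user)} -> {verdict}")
```
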