
BoltonB.40389 (Customer) asked a question.
Hello,
Regarding the flag of "does not contain part of username" during password policy setup... what are the restrictions? For example, if we are using our email address as our username, will I be allowed to use pieces of the email address for my password? For example, if my username was "rick.smith@gmail.com" and I wanted to use "smithmeister15" as my password, would this be allowed? Or would it be prohibited due to the "smith" portion of my email address? (This is taking into account that both the "does not contain first name" and "does not contain last name" flags are disabled in our password policy.) Please let me know if you need more clarification.
Thanks,
Bolton Boone

Hi Bolton,
Okta defines "username" as the part before the @. So in your case it's "rick.smith". More than 4 consecutive characters will be flagged by the policy.
The logic this setting uses is as follows:
Examples:
Username ed.jones@business.com contains the following parts: jones and business. "Ed" is not considered as a part since it is less than 4 characters.
User attempts to set password to ed123456. Password is accepted, because Ed is not considered to be a password "part".
Username andy.smith@business.com contains the following parts: andy, smith, and business.
User attempts to set password to smith321. Password is rejected, because it contains the part "smith".
Username asmith@business.com contains the following parts: asmith and business.
User attempts to set password to smith321. Password is accepted despite containing "smith," because smith is an incomplete portion of the part "asmith".
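
The part-matching behaviour shown in the examples above can be modelled in a few lines. This is an added example, not Okta's code and not part of the original reply. It assumes that any non-alphanumeric character (".", "@", "_", "-") separates parts, that only parts of 4 or more characters count, and that matching is case-insensitive; the function names are hypothetical.

```python
import re

# Taken from the examples in the thread: "Ed" (2 characters) is not a part.
MIN_PART_LEN = 4


def username_parts(username: str) -> list[str]:
    """Split a username into the parts a password is compared against.

    Assumption: every non-alphanumeric character is a delimiter, so
    "ed.jones@business.com" splits into ed / jones / business / com.
    Tokens shorter than MIN_PART_LEN are dropped.
    """
    tokens = re.split(r"[^A-Za-z0-9]+", username)
    return [t.lower() for t in tokens if len(t) >= MIN_PART_LEN]


def violated_parts(username: str, password: str) -> list[str]:
    """Return every username part that appears whole inside the password.

    Assumption: comparison is case-insensitive. A fragment of a part
    ("smith" out of "asmith") does not count, because only complete
    parts are searched for.
    """
    candidate = password.lower()
    return [p for p in username_parts(username) if p in candidate]


def is_accepted(username: str, password: str) -> bool:
    """True when the password contains no complete username part."""
    return not violated_parts(username, password)


# The three username/password pairs from the reply above.
THREAD_CASES = [
    ("ed.jones@business.com", "ed123456"),
    ("andy.smith@business.com", "smith321"),
    ("asmith@business.com", "smith321"),
]

if __name__ == "__main__":
    for user, pw in THREAD_CASES:
        hits = violated_parts(user, pw)
        verdict = "rejected" if hits else "accepted"
        print(f"{user:26} {pw:10} {verdict:9} parts={username_parts(user)} hits={hits}")
```

The third case is the one to keep in mind when relying on this flag: a password can still share most of its characters with the username as long as no complete part appears in it.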