How does the 'percent different from last password' work ?

Document created by joydeepdasgupta on Apr 22, 2016Last modified by kristen.palazzolo on Dec 17, 2016
Version 2Show Document
  • View in full screen mode

Hi,

 

I need to understand how exactly does the 'percent different from last password' work in the password policies (under the Restrictions tab) ? Is there a math to work out the percentage difference between the previous & current password ?

 

Regards,

Joydeep

 

It's just doing a string compare of the characters.  If you set "Percent different from last password = 50", then if more than half of the characters in the new password are the same as the old password, then it will fail.  You can also choose to ignore the order of characters.

 

"Percent different from last password

Specifies the percentage of characters a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password may contain no characters that were in the previous password, unless Ignore sequence when checking for differences is set to 0. For examples of how this parameter works with Ignore sequence when checking for differences selected, see the following table."

 

Thanks.

I don't see the "table" referred in your in your last sentence "For examples of how this parameter works with Ignore sequence when checking for differences selected, see the following table.".

Can you publish that too ?

 

You should be able to find the entire section of documentation by doing the following:

 

1) Logon to the AdminUI

2) Goto [Policies -> Pasword -> Password Policies]

3) View a Password Policy (Select CREATE, if none are present).

4) Go to the "Restrictions" tab.

5) 'click' HELP.

6) Review the section "Password Policy Restrictions -> Change Required Group Box"

 

Percent different from last password

Specifies the percentage of characters a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password may contain no characters that were in the previous password, unless Ignore sequence when checking for differences is set to 0. For examples of how this parameter works with Ignore sequence when checking for differences selected, see the following table.

 

Ignore sequence when checking for differences

Ignores the position of the characters in the password when determining the percentage.

For example, if a user’s initial password is BASEBALL12 and the Ignore sequence when checking for differences check box is selected, a user cannot choose 12BASEBALL as the new password. If the check box is cleared, 12BASEBALL is an acceptable password because each letter occurs in a different position. For examples of how this parameter works with Percent different from last password, see the following table.

For increased security, Ignore sequence when checking for differences check box should be selected.

 

 

Passwords

Percent different

Ignore sequence

Accepted

BASEBALL12 (Old)

12BASEBALL

0

1

0

Y

Y

BASEBALL12 (Old)

12BASEBALL

100

1

0

N

Y

BASEBALL12 (Old)

12SOFTBALL

0

1

0

Y
Y

BASEBALL12 (Old)

12SOFTBALL

90

1

0

N

Y

BASEBALL12 (Old)

12SOFTBALL

100

1

0

N

N

 

This document was generated from the following discussion: How does the 'percent different from last password' work ?

Attachments

    Outcomes