User Display Name Rule

The User Display Name rule rejects passwords that are similar to a user's Active Directory display name (full name for local accounts). Passwords that are similar to a user's display name aren't desirable because they are easily guessed.

• Select the Enabled checkbox to enable the User Display Name rule.
• Select the Detect character substitution checkbox if Password Policy Enforcer should reject passwords that rely on character substitution to comply with this rule.
• Select the Bi-directional analysis checkbox if Password Policy Enforcer should additionally test passwords with their characters reversed. Enabling bi-directional analysis stops users from circumventing this rule by reversing the order of characters in their password. For example, a user may enter "emanyalpsidym" instead of "mydisplayname".
• Choose a value from the Tolerance dropdown list to specify the maximum number of consecutive matching characters that Password Policy Enforcer tolerates before rejecting a password. For example, the display name "John Smithers", and the password "12smithtown" contain five consecutive matching characters (shown in bold type). Password Policy Enforcer rejects this password if the tolerance is four or lower, and accepts it if the tolerance is five or higher. Choose the Auto value to reject passwords that contain the user's entire display name.
• Click the Messages tab to customize the Password Policy Client rule inserts.