Article Details
Id:17914
Product:finPOWER Connect
Type:NEW
Version:3.04.00
Opened:02/11/2020
Closed:12/04/2021
Released:30/06/2021
Job: J025437

Strong Password validation enhanced

Validation of Strong Passwords has been enhanced to reject passwords that are variations of the User Id or of the text "Password".

  • Tighter checking of similar characters
    • The following characters were treated as equivalent, i.e. as variations of each other:
      • Upper and Lower case letters
      • 0 and O
      • 3 and E
      • 4 and A
      • 5 and S
    • In addition, the following characters are now also treated as equivalent:
      • 1 and I
      • L and I
      • Q and O
      • @ and A
      • $ and S
    • This means the following passwords are treated as the same:
      • Password, p455wqrD
      • finPOWER, f1Npqw3r
  • Can no longer include the text "Password" or any variations of it
    • Previously, the whole password was tested, rather than any part of the password. This meant "Password1" was allowed.
  • Can no longer include the text "Pass" or any variations of it
  • Can no longer include the User's Id or any variation of it
  • Can no longer include a block of the User's Id or any variation of it
    • A block being defined as:
      • A group of letters or numbers separated by another character
      • Must be at least 3 characters long
    • For example, if the User Id is JO.BLOGGS8526, the password cannot be Jo!BLOGGS8526 because
      • You cannot have the text (or any variations of) BLOGGS or 8526
        • "Jo" is only 2 characters so is allowed
        • You can still have BLOG in the password as the group of characters being tested is BLOGGS
    • For example, if the User's Id is "C10250" then the password cannot contain "10250" or any variations of this
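
The rules above can be sketched as follows. This is an added example, not finPOWER Connect's own code: the names `fold`, `user_id_blocks` and `violations` are hypothetical, and it assumes that a block is a run of letters or a run of digits (as the JO.BLOGGS8526 example implies) and that the listed equivalences chain together (1, L and I all compare equal).

```python
import re

# Equivalence classes listed in the note, folded to one canonical letter each.
# Case is handled by upper-casing first. (Assumption: equivalences are transitive.)
_FOLD = str.maketrans({
    "0": "O", "Q": "O",
    "3": "E",
    "4": "A", "@": "A",
    "5": "S", "$": "S",
    "1": "I", "L": "I",
})

def fold(text: str) -> str:
    """Reduce text to a canonical form so look-alike variations compare equal."""
    return text.upper().translate(_FOLD)

def user_id_blocks(user_id: str, min_len: int = 3) -> list:
    """Runs of letters or runs of digits in the User Id, at least min_len long."""
    return [b for b in re.findall(r"[A-Za-z]+|[0-9]+", user_id) if len(b) >= min_len]

def violations(password: str, user_id: str) -> list:
    """Return the rules from the note that the password breaks (empty if none)."""
    folded = fold(password)
    found = []
    # Substring test, so "Password1" is caught, not only an exact "Password".
    if fold("Password") in folded:
        found.append('contains "Password"')
    elif fold("Pass") in folded:
        found.append('contains "Pass"')
    if user_id and fold(user_id) in folded:
        found.append("contains User Id")
    for block in user_id_blocks(user_id):
        if fold(block) in folded:
            found.append(f"contains User Id block {block}")
    return found

if __name__ == "__main__":
    # Constructed sample inputs based on the examples in the note.
    samples = [("p455wqrD", "admin"), ("Jo!BLOGGS8526", "JO.BLOGGS8526"),
               ("Jo!BLOG#77x", "JO.BLOGGS8526"), ("zz!lQ2$o", "C10250")]
    for pw, uid in samples:
        print(f"{pw!r} for {uid!r}: {violations(pw, uid) or 'ok'}")
```

Folding both sides before a substring comparison is what makes "Password1" fail where a whole-string comparison let it through.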