- The new password may not be in a list of common passwords.
- The new passwords must be at least as long as a certain number of characters (configurable, default 8).
- The new password must include at least one UPPER, lower, numeric, and $pe¢i@l character.
- The new password may not be a repeated password within a certain number of days (configurable, default 180).
- The password must be changed at least every certain number of days (configurable, default 180).
Password length, requiring special characters, and forcing the user to change their password every so often are all standard password features. But we really like checking the password against a list of common passwords that hacker use to try to crack any system. And we like ensuring that a password is not repeated in n number of days. And, we store passwords using a one-way hash with two salts, so we can't reserve engineer a password and it would be darn near impossible to crack using a hash matching method.
We know your password is important to you, so it's important to us too.