Symantec Access Management

 View Only
  • 1.  How does the 'percent different from last password' work ?

    Posted Apr 14, 2016 11:11 AM

    Hi,

     

    I need to understand how exactly does the 'percent different from last password' work in the password policies (under the Restrictions tab) ? Is there a math to work out the percentage difference between the previous & current password ?

     

    Regards,

    Joydeep



  • 2.  Re: How does the 'percent different from last password' work ?
    Best Answer

    Broadcom Employee
    Posted Apr 14, 2016 01:30 PM

    It's just doing a string compare of the characters.  If you set "Percent different from last password = 50", then if more than half of the characters in the new password are the same as the old password, then it will fail.  You can also choose to ignore the order of characters.

     

    "Percent different from last password

    Specifies the percentage of characters a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password may contain no characters that were in the previous password, unless Ignore sequence when checking for differences is set to 0. For examples of how this parameter works with Ignore sequence when checking for differences selected, see the following table."



  • 3.  Re: How does the 'percent different from last password' work ?

    Posted Apr 21, 2016 05:02 PM

    Thanks.

    I don't see the "table" referred in your in your last sentence "For examples of how this parameter works with Ignore sequence when checking for differences selected, see the following table.".

    Can you publish that too ?



  • 4.  Re: How does the 'percent different from last password' work ?

    Broadcom Employee
    Posted Apr 21, 2016 05:14 PM

    You should be able to find the entire section of documentation by doing the following:

     

    1) Logon to the AdminUI

    2) Goto [Policies -> Pasword -> Password Policies]

    3) View a Password Policy (Select CREATE, if none are present).

    4) Go to the "Restrictions" tab.

    5) 'click' HELP.

    6) Review the section "Password Policy Restrictions -> Change Required Group Box"

     

    Percent different from last password

    Specifies the percentage of characters a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password may contain no characters that were in the previous password, unless Ignore sequence when checking for differences is set to 0. For examples of how this parameter works with Ignore sequence when checking for differences selected, see the following table.

     

    Ignore sequence when checking for differences

    Ignores the position of the characters in the password when determining the percentage.

    For example, if a user’s initial password is BASEBALL12 and the Ignore sequence when checking for differences check box is selected, a user cannot choose 12BASEBALL as the new password. If the check box is cleared, 12BASEBALL is an acceptable password because each letter occurs in a different position. For examples of how this parameter works with Percent different from last password, see the following table.

    For increased security, Ignore sequence when checking for differences check box should be selected.

     

     

    Passwords

    Percent different

    Ignore sequence

    Accepted

    BASEBALL12 (Old)

    12BASEBALL

    0

    1

    0

    Y

    Y

    BASEBALL12 (Old)

    12BASEBALL

    100

    1

    0

    N

    Y

    BASEBALL12 (Old)

    12SOFTBALL

    0

    1

    0

    Y
    Y

    BASEBALL12 (Old)

    12SOFTBALL

    90

    1

    0

    N

    Y

    BASEBALL12 (Old)

    12SOFTBALL

    100

    1

    0

    N

    N



  • 5.  Re: How does the 'percent different from last password' work ?

    Posted Apr 22, 2016 03:23 PM

    That explains a lot. Cheerio!