Password policy: Password can have part of user name in different cases


I have added the password policy but after that I tried to authenticate the policy. It’s not working well in some conditions.

As per the policy => Not username: The password cannot be the same as the username.

Password policy states it shouldn’t contain a part of user name. However, it allows user name in different case.

For example: if the tenant user is →

Then we cannot set password with a part of user name → roger

But if we change the case of it, it allows us to set the password → Roger, ROGER

Is it a bug, or have I misunderstood the policy?

Please share your views on it.


The policy checks for a case-sensitive match:

If you want it to work differently, you can implement your own provider.
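
The difference the reply describes, as an added example that is not part of the thread and not the product's own code: an exact, case-sensitive comparison beside a stricter caseless check of the kind a custom provider could apply. The function names, the constructed username `roger.smith` and the 4-character minimum segment length are assumptions.

```python
import re
import unicodedata


def normalize(value: str) -> str:
    """NFKC + casefold: Unicode-aware form for caseless comparison."""
    return unicodedata.normalize("NFKC", value).casefold()


def username_parts(username: str, min_len: int = 4) -> set:
    """Full username plus its segments split on common separators."""
    folded = normalize(username)
    parts = {folded, *re.split(r"[.@_\-+\s]+", folded)}
    # Very short segments are skipped to avoid rejecting unrelated passwords.
    return {p for p in parts if len(p) >= min_len}


def rejects_case_sensitive(password: str, username: str) -> bool:
    """Behaviour described in the reply: exact, case-sensitive match."""
    return password == username


def rejects_caseless(password: str, username: str, min_len: int = 4) -> bool:
    """Stricter variant: caseless match on the username or any segment."""
    folded = normalize(password)
    if folded == normalize(username):
        return True
    return any(part in folded for part in username_parts(username, min_len))


if __name__ == "__main__":
    user = "roger.smith"  # constructed sample username
    # Constructed candidates; the fourth starts with a fullwidth "R" (U+FF32).
    for pw in ["roger.smith", "Roger", "ROGER", "\uff32oger2024!", "correct-horse-battery"]:
        print(f"{pw!r:28} case-sensitive={rejects_case_sensitive(pw, user)!s:5} "
              f"caseless={rejects_caseless(pw, user)}")
```
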