Every user can change his password once a day at the most. The
system administrator can regularly force a password change. Standard
password checks are carried out when the user enters the password,
that is, the first 3 characters, for example, may not be identical.
So far, the customer administrator had the option to implement additional checks in ABAP/4 report SAPMS01R. Since this could be
abused, we deleted this report again and offer a table USR40 instead
in which you can enter all words that are not allowed as passwords. We allow the following masking here:
? masks exactly one character and
* masks a character string of any length.
Example: *AAA* forbids all passwords which contain the character string AAA.
SAP? forbids all four-digit passwords that begin with SAP.
SAP* forbids all passwords of any length that begin with SAP.
You can maintain table USR40 via transaction SM30.