Some users would find it beneficial to have an additional Password Policy option that rejects a user's password if it matches their username or email address. This would discourage users from creating insecure passwords.
The following scenario illustrates the current behavior:
- Start up Liferay DXP
- Navigate to
- Edit Default Password Policy or create new Password Policy
Add an option under the Password Policy to prevent the username and email address from being used as the password.
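A sketch of the check such an option could perform, as an added example that is not Liferay code and does not use Liferay's password policy API. The class and method names are hypothetical, and comparing case-insensitively, after Unicode normalization, and against the email local part are assumptions that go beyond the exact match the request describes.

```java
import java.text.Normalizer;
import java.util.Locale;

// Added example: hypothetical stand-alone check, not Liferay's password policy API.
public class IdentifierPasswordCheck {

    // Canonical form used for comparison only (the stored password is untouched):
    // trims, applies NFKC so full-width or composed variants compare equal, folds case.
    static String canonical(String s) {
        if (s == null) {
            return "";
        }
        return Normalizer.normalize(s.trim(), Normalizer.Form.NFKC)
                .toLowerCase(Locale.ROOT);
    }

    /** Returns null when the password is acceptable, otherwise the rejection reason. */
    static String rejectReason(String password, String username, String email) {
        String p = canonical(password);
        String name = canonical(username);
        String mail = canonical(email);
        if (!name.isEmpty() && p.equals(name)) {
            return "password matches the username";
        }
        if (!mail.isEmpty() && p.equals(mail)) {
            return "password matches the email address";
        }
        // Assumption beyond the request: the mailbox part alone also counts as a match.
        int at = mail.indexOf('@');
        if (at > 0 && p.equals(mail.substring(0, at))) {
            return "password matches the email local part";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample account and candidate passwords.
        String username = "jbloggs";
        String email = "joe.bloggs@example.com";
        String[] candidates = {
            "jbloggs", "JBloggs ", "Joe.Bloggs@Example.com",
            "joe.bloggs", "correct horse battery staple"
        };
        for (String candidate : candidates) {
            String reason = rejectReason(candidate, username, email);
            System.out.printf("%-30s -> %s%n", candidate,
                    reason == null ? "accepted" : "rejected: " + reason);
        }
    }
}
```

With the constructed inputs, the first four candidates are rejected and only the passphrase is accepted.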