SAP USR40: How to set Password Restrictions

You can use the following system profile parameters to specify the minimum length of a password and the frequency with which users must change their password.

• login/min_password_lng: minimum password length.
  Default value: Three characters. You can set it to any value between 3 and 8.
• login/password_expiration_time: number of days after which a password expires
  To allow users to keep their passwords without limit, leave the value set to the default 0.

Specifying Impermissible Passwords

You can prevent users from choosing passwords that you do not want to allow. To prohibit the use of a password, enter it in table USR40. You can maintain table USR40 with Transaction SM30. In USR40, you can specify impermissible passwords generically if you want. There are two wildcard characters:

1. ? stands for a single character
2. * stands for a sequence of any combination characters of any length.

  123* in table USR40 prohibits any password that begins with the sequence "123."

*123* prohibits any password that contains the sequence "123."

AB? prohibits all passwords that begin with "AB" and have one additional character: "ABA", "ABB", "ABC" and so on.

  To set restriction for password follow the below procedure:-

Step 1) Execute T-code SM30. 

 Step 2) Enter the table name USR40 in "Table/View" field.

Step 3) Click Display button. 

Step 4) Enter password expression string. 

That's it for password management!