The Enzoic Test Page is a great place to see what will be caught by the Enzoic API and policy settings. While the test page is fairly straightforward, it can sometimes be difficult to tell what each rejection notice means and which policy setting it ties back to. Below are some examples of password rejections and the policy settings that they violate. 

Password is known bad:

Fuzzy matching: 

*Fuzzy matching is not a detection method itself, but rather it acts as a password normalization function. Because of this Fuzzy matching will always be accompanied by another policy violation. 

Root Passwords: 

*Like fuzzy matching, Root Password is not a detection method itself, but rather a normalization function. Because of this root password match will always be accompanied by another policy violation. 

Password containing a user’s first or last name:

Password containing a user’s login:

Password containing a user’s email address:

Password containing repeating characters: