5. To prevent the use of common password combinations, a system can be set up to include:
a) A list of forbidden passwords in table USR40
b) Instance profile parameter "login/min_password_digits"
c) A list of forbidden passwords in table USR04.
d) No additional configuration, as SAP only allows complex passwords.
ANSWERS: A, B
To avoid this problem, populate Table USR40 with forbidden or illegal passwords combinations. Also, as of Web AS 6.10, instance profile parameter "login/min_password_digits" can be set to a value >= 1 to force users enter at least one digit in their password.