You can restrict which passwords users are allowed to use, by entering any passwords that are not permitted in table USR40. (This is a Cross-Client Table).
You can enter either individual passwords or password patterns in this field.
This allows you to define "forbidden passwords".
This table is maintained using Transaction SM30.
There are two placeholder characters you can use in table USR40 to generically define passwords that are not permitted:
• ? represents an individual character
• * represents any character string
Single values: PASSWORD, SUMMER, WINTER, JANUARY, FEBRUARY, ...
Pattern: *WORD*, *20??*, *PASS*,*SUPER*, *SAP*, *day, Year*, ...
If you enter 123* in table USR40, the passwords are not allowed to begin with the character string "123".
If you enter AB?, passwords beginning with "AB" and an additional character (for example, "ABA", "ABB", "ABC" and so on) are not permitted.