The rules which constrain the form of a password. Some passwords are quite easy for an intruder to guess. For example, short passwords containing only alphabetic characters can be cracked very easily. Password constraint is the process of rejecting passwords based on criteria specified by a system administrator or a security administrator. Users may be prevented from creating short passwords, passwords which have the user's name contained in it, or passwords which do not include at least one non-alphabetic or numeric character. The rejection of a password is normally carried out by an operating system or software tool when a user attempts to create a new password or change an existing password.