Enable or disable the "Reject if Password Contains the User Name Reversed" setting. (1) enabled/disabled (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Reject if Password Contains the user Name Reversed field link down to section 5.8.1, Table 5-7 Oracle Fusion Middleware: Securing Oracle WebLogic Server, 11g Release 1 (10.3.1) Oracle 2009-05-01 10.3.1 Prose(pdf)