From 881fc72c2c08dbe3e0261dde6373dca0d2201013 Mon Sep 17 00:00:00 2001
From: Mark Harrison <mark.harrison@octopus.com>
Date: Fri, 25 Aug 2023 06:35:07 +0100
Subject: [PATCH] Update wording for password complexity rules

---
 .../users-and-teams/resetting-passwords.md    | 25 ++++++++++++-------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/pages/docs/security/users-and-teams/resetting-passwords.md b/src/pages/docs/security/users-and-teams/resetting-passwords.md
index 3e330dd0b0..95552236db 100644
--- a/src/pages/docs/security/users-and-teams/resetting-passwords.md
+++ b/src/pages/docs/security/users-and-teams/resetting-passwords.md
@@ -73,12 +73,19 @@ Octopus.Server.exe service --start
 
 ## Password complexity {#Resettingpasswords-PasswordComplexity}
 
-Passwords must satisfy password complexity rules.  A password must be at least 8 characters long and satisfy three or more of the criteria:
-
-- length of at least 12 characters
-- length of at least 16 characters
-- contains a number
-- contains whitespace
-- contains an uppercase letter
-- contains a lowercase letter
-- contains punctuation
+Passwords in Octopus must meet password complexity rules. Octopus applies a scoring system to a new password to decide if it meets the complexity rules.
+
+A password must be:
+- Minimum 8 characters long
+
+It also needs to meet 3 (or more) of the following scoring criteria:
+
+- Contains a number
+- Contains whitespace
+- Contains an uppercase letter
+- Contains a lowercase letter
+- Contains punctuation or symbols
+- At least 12 characters long
+- At least 16 characters long
+
+The more scoring criteria a new password meets, the higher its score and derived complexity.
\ No newline at end of file