Allowing for a larger number of password combinations benefits WebSphere® Application Security. Passwords restricted to 8 characters are limited in how secure they can be. Hacking attempts are often successful against 8-character passwords. WebSphere Application Server expands the possible combinations beyond the 8-character password by letting you additionally use a password phrase from 9 to 100 characters long. The password phrase gives you an exponentially larger number of combinations for securing any given user ID to an application.
In z/OS Version 1.9, RACF allows you to use password phrases in securing a user ID to an application. Password phrase support for WebSphere Application Server provides infrastructure changes that you (or other applications) can exploit to facilitate authentication information across environments and applications.
A password phrase can be from 9 to 100 characters in length and provides a far greater number of possible combinations of characters and numbers than a password does. A password phrase is a character string made up of mixed-case letters, numbers, and special characters. A user ID can have both a password and a password phrase associated with it. The user ID uses the password for existing applications that accept an eight-character password and the password phrase for those applications that are sensitive to the longer character string.
For more information about password phrases in z/OS Version 1.9, see z/OS V1R9.0 Security Server RACF Security Administrator's Guide. This guide is available under "Security Server and Integrated Security Services." Within the guide, see section 3.4.14.