In KB-000042627 there are multiple criteria for the Sophos Central password complexity rules. Something must be missing. Recently a password manager created a random password like: Something123%SomethingjohnSomethingSomething
All complexity rules matched. The password was 16 characters long, but the password was not accepted. The error message was something like "password wrong" or "password invalid"
It took us some time to realize that some of the characters formed the name 'john'. When we changed one of the letters from the word 'john' the password was accepted immediately.
I guess it should be mentioned, that you cannot use certain words or names?!