Validate Password Exit Point - Am I causing an exposure?


  • Validate Password Exit Point - Am I causing an exposure?

    I want to enforce certain profiles to use a minimum length password (but not all profiles, so the QPWDMINLEN system value is no good). I don't want to validate the content of the password, just its length. I'm reluctant to code a program to use directly with system value QPWDVLDPGM as this will retrieve the passwords in clear text. My idea is as follows, but I'd appreciate a sanity check: use the QIBM_QSY_VLD_PASSWRD exit point (QPWDVLDPGM = *REGFAC) with an RPGLE program that defines the receiver variable to length 64 (up to and including CCSID of new password) and is thus not big enough to receive the old and new passwords. By truncating the receiver variable in this fashion, have I successfully avoided the retrieving-the-passwords-in-clear-text issue, or will they be floating around in memory somewhere? Is this more of an API RPG question maybe?

    Thanks,
    Ken