IRIS itself uses a PBKDF2 hash w/ salt. SHA1 with no salt increases risk if the history of passwords stored by this tool is stolen.

This a rough draft of the steps I used to import this example into a non-containerized IRIS 2021.1 instance. It would be nice to include a more formal set of instructions for customers who are non in a container or using ZPM. It is really straight forward to import to a local instance, but the instructions for containers and ZPM make it seem like these are the only ways to import the sample.

Step 1: Be logged into github and download PASSWORD.mac
Step 2: Import and compile PASSWORD.mac into the %SYS namespace.
Step 3: Configure the instance to use PASSWORD routine
USER>zn "%SYS"
%SYS>set ss=##class(Security.System).%OpenId("SYSTEM")
%SYS>set ss.PasswordValidationRoutine="CHECK^PASSWORD"
%SYS>write ss.%Save()
1
Step 5: Confirm setting in Management Portal
System Administration > Security > System Wide Parameters > “Password validation routine” should say “CHECK^PASSWORD”
Step 6: Test by making a new password for a user. This logs the password into the secure log location. Then, try to change the password for this user again, but making the password the same as the first one. You should see the error "This password has already been used."