diff --git a/constraints/constraint_username.inc b/constraints/constraint_username.inc
index 7b3ef5d..8ea0754 100644
--- a/constraints/constraint_username.inc
+++ b/constraints/constraint_username.inc
@@ -11,14 +11,14 @@
 * Description of the constraint.
 */
 function password_policy_constraint_username_description() {
- return array('name' => t('Username'), 'description' => t('Password must differ from the username. Put any positive number to enforce this policy.'));
+ return array('name' => t('Username'), 'description' => t('Password must not contain the username (case insensitive). Put any positive number to enforce this policy.'));
 }
 
 /**
 * Error message of the constraint.
 */
 function password_policy_constraint_username_error($constraint) {
- return t('Password must differ from the username.');
+ return t('Password must not contain the username.');
 }
 
 /**
@@ -26,7 +26,9 @@ function password_policy_constraint_username_error($constraint) {
 */
 function password_policy_constraint_username_validate($password, $constraint, $uid) {
 $account = user_load($uid);
- return drupal_strtolower($account->name) != drupal_strtolower($password);
+ $username_lowercase = drupal_strtolower($account->name);
+ $password_lowercase = drupal_strtolower($password);
+ return strpos($password_lowercase, $username_lowercase) === FALSE;
 }
 
 /**
@@ -35,8 +37,10 @@ function password_policy_constraint_username_validate($password, $constraint, $u
 function password_policy_constraint_username_js($constraint, $uid) {
 $account = user_load($uid);
 $s = '';
- $s .= " var username='". $account->name ."';\n";
- $s .= " if (username.toLowerCase() == value.toLowerCase()) {\n";
+ $s .= " var username='$account->name';\n";
+ $s .= " var username_lowercase=username.toLowerCase();\n";
+ $s .= " var password_lowercase=value.toLowerCase();\n";
+ $s .= " if (password_lowercase.indexOf(username_lowercase) != -1) {\n";
 $s .= " strength=\"low\";\n";
 $s .= " msg.push(translate.constraint_username);\n";
 $s .= " }\n";
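Review bot: In password_policy_constraint_username_validate() the new strpos() call has no guard for an empty needle, which is what `$account->name` becomes if user_load($uid) returns FALSE or the loaded account has no name. Before PHP 8 an empty needle raises a warning and returns FALSE, so the constraint passes silently; from PHP 8 it returns 0, so every password is rejected. Decide which result is intended and make it explicit ahead of the strpos() line, for example `if ($username_lowercase === '') { return TRUE; }`. The generated script in password_policy_constraint_username_js() has the same case, since `indexOf('')` is 0 and an empty name would mark every password as low strength.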
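Review bot: The rewritten line `$s .= " var username='$account->name';\n";` in password_policy_constraint_username_js() still places the account name inside a single-quoted JavaScript literal without any escaping. Drupal's default user name validation permits an apostrophe, so such a name ends the literal early: the strength check then fails with a syntax error and the rest of the name is read as script rather than data. Encode the value instead of quoting it by hand, `$s .= " var username=" . drupal_json_encode($account->name) . ";\n";`. The function body continues past the end of the hunk, so how the string is finally emitted is not visible here.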
diff --git a/password_policy.install b/password_policy.install
index e1e3e43..63ddfb0 100644
--- a/password_policy.install
+++ b/password_policy.install
@@ -283,3 +283,9 @@ function password_policy_update_7000() {
 db_drop_unique_key('password_policy_role', 'name');
 }
 
+/**
+ * Notify of change to username constraint behavior.
+ */
+function password_policy_update_7100() {
+ return t('The username constraint has changed to disallow passwords containing the username in addition to passwords matching the username.');
+}
diff --git a/tests/password_policy.test b/tests/password_policy.test
index 8ae746d..e2a0a5d 100644
--- a/tests/password_policy.test
+++ b/tests/password_policy.test
@@ -145,6 +145,8 @@ class PasswordPolicyTest extends DrupalWebTestCase {
 $this->assertTrue($result, 'Random string in the username constraint');
 $result = password_policy_constraint_username_validate($user->name, '', $user->uid);
 $this->assertFalse($result, 'Username in the username constraint');
+ $result = password_policy_constraint_username_validate('foo' . $user->name . 'bar', '', $user->uid);
+ $this->assertFalse($result, 'String containing username in the username constraint');
 }
 
 function testDelayConstraint() {
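Review bot: The added assertion in tests/password_policy.test embeds `$user->name` in its stored case, so the case-insensitive half of the new behaviour is never exercised. Add a second check with the case changed, `$result = password_policy_constraint_username_validate('foo' . drupal_strtoupper($user->name) . 'bar', '', $user->uid);`, followed by the same `assertFalse`. The enclosing test method starts above the hunk, so earlier assertions that may already cover this are not visible here.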