Assume that we are forcing users to change their password from time to time. Is it possible that they will use their old passwords in the future? I mean, if a user changes from password A to B, will he/she be able to change it from B to A next time?
Write a global handler for when a user is updated to store the last N # of passwords off to a different location. Then when a user updates their password again, check if it's in the list of the previous N.
According to the documentation there isn't anything about not using N # of last passwords. So technically they could have password A and change it to password A again and there are no issues.
Ok so is there any solution for this? How can I force users to never use older passwords?
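A sketch of the approach suggested in the reply above (store the last N passwords, check each new one against them), added here as an example and not part of the original thread or of any framework's API. It is written in framework-independent Python; the class and method names are hypothetical, and the use of salted PBKDF2 hashes rather than stored plaintext is an assumption of this example.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordReuseError(ValueError):
    """Raised when a new password matches the current or a recent one."""


class PasswordHistory:
    """Salted hashes of one user's current and previous passwords.

    keep_last=N remembers the last N passwords; keep_last=None remembers
    all of them, so an old password can never be chosen again.
    """

    def __init__(self, keep_last=5, iterations=600_000):
        self.iterations = iterations
        # deque(maxlen=N) silently drops the oldest entry when full.
        self._entries = deque(maxlen=keep_last)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self.iterations
        )

    def was_used(self, password):
        # Every entry has its own salt, so the candidate is re-hashed once
        # per entry and compared in constant time.
        hits = [
            hmac.compare_digest(self._hash(password, salt), digest)
            for salt, digest in self._entries
        ]
        return any(hits)

    def change_password(self, new_password):
        """Call from the user-updated handler before saving the change."""
        if self.was_used(new_password):
            raise PasswordReuseError("password was used recently")
        salt = os.urandom(16)
        self._entries.append((salt, self._hash(new_password, salt)))


if __name__ == "__main__":
    history = PasswordHistory(keep_last=3)
    history.change_password("password-A (constructed sample)")
    history.change_password("password-B (constructed sample)")
    try:
        history.change_password("password-A (constructed sample)")
    except PasswordReuseError as exc:
        print("rejected:", exc)
```

Because the history holds password hashes, it needs the same protection as the main credential store.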