Declined

Password strength - not allowing to use previous passwords

  • Erwin Ekkel
  • ericbosman

We want to enforce new passwords for our users once in a while (security issue).
But if we do this, the user is able to use the same password over and over.

 
So we would like to have the ability to set the minimal password strength in such a way that the user is not allowed to reuse the last N passwords.
 


Jeroen van den Belt
Administrator

Hi @ericbosman,

Not being allowed to use a previous password is naturally something that is only desirable in the context of a policy forcing periodic password changes. We adhere to the guidelines of Microsoft in this, which state that periodically changing a password is more of a bad practice than a best practice:
 
“Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password.”
 
For more information regarding this topic, see this URL
 
Based on this, we decided not to implement your idea. Hopefully this decision has been sufficiently clarified with this explanation.

With regards,

Jeroen

