Password strength - not allowing to use previous passwords


We want to enforce new passwords for our users once in a while (security issue).
But if we do this, the user is able to use the same password over and over.


So we would like to have the ability to set the minimal password strength in such a way that the user is not allowed to reuse the last N passwords.


Hi @ericbosman,

Not being allowed to use a previous password is naturally something that is only desirable in the context of a policy forcing periodic password changes. We adhere to the guidelines of Microsoft in this, which state that periodically changing a password is more of a bad practice than a best practice:

“Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password.”

For more information regarding this topic, see this URL.

Based on this, we decided not to implement your idea. Hopefully this decision has been sufficiently clarified with this explanation.

With regards,

Jeroen

