I'm still pretty new on the list, so take it easy on me if I'm way off
base. But I think you'd be better off with a table just for old
passwords. I think you could get by with four columns: id (primary
key), user_id, old_pw, change_date. It should make your validation
query and inserts much easier. You could simply "select * from
oldpwtbl where user_id='theuser' order by change_date desc limit 4;"
(disregard my poor syntax) to see if they are repeating.

One other thing I think would be more secure is to store a hash of the
password, instead of the password itself.

Anyway, that's my input.

Scott

On Mon, Jan 18, 2010 at 12:34 PM, Tompkins Neil
<neil.tompkins@stripped> wrote:
> Hi
>
> I'm in the process of designing a login system to a secure web page using
> MySQL. One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
> I was thinking of creating four fields called Password1, Password2, Password3
> and Password4 to record the old passwords.
>
> Is this a preferred method - or does anyone else have any recommendations?
>
> Thanks,
> Neil
>
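
The history-table approach from the reply above, as an added example that is not part of the thread: it keeps the suggested oldpwtbl columns but stores a salted PBKDF2 hash per row, so the reuse check must re-derive the candidate under each stored salt instead of comparing in SQL. Assumptions: sqlite3 stands in for MySQL, and the salt column, the ITERATIONS value and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware
HISTORY = 4           # the thread's requirement: differ from the last four passwords

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def open_db():
    # In-memory sqlite3 stands in for MySQL. Columns follow the reply above,
    # with an extra per-row salt (hypothetical) next to the hashed old_pw.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE oldpwtbl (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        user_id TEXT NOT NULL,
        salt BLOB NOT NULL,
        old_pw BLOB NOT NULL,
        change_date TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)""")
    return db

def is_reused(db, user_id, candidate):
    # Salted hashes cannot be matched with "WHERE old_pw = ?": fetch the newest
    # HISTORY rows and hash the candidate again under each row's own salt.
    rows = db.execute(
        "SELECT salt, old_pw FROM oldpwtbl WHERE user_id = ? "
        "ORDER BY change_date DESC, id DESC LIMIT ?",  # id breaks same-second ties
        (user_id, HISTORY)).fetchall()
    return any(hmac.compare_digest(_hash(candidate, salt), stored)
               for salt, stored in rows)

def change_password(db, user_id, new_password):
    """Record new_password unless it matches one of the last HISTORY entries."""
    if is_reused(db, user_id, new_password):
        return False
    salt = os.urandom(16)
    # Parameterized insert; every accepted password, including the current
    # one, becomes a history row.
    db.execute("INSERT INTO oldpwtbl (user_id, salt, old_pw) VALUES (?, ?, ?)",
               (user_id, salt, _hash(new_password, salt)))
    db.commit()
    return True
```
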