List:General Discussion« Previous MessageNext Message »
From:Mark Goodge Date:January 19 2010 2:49pm
Subject:Re: Record old passwords ?
View as plain text  
On 19/01/2010 14:44, Tompkins Neil wrote:
> Hi All,
>
> Following on from my earlier email - I've the following question now :
>
> I can enforce that the user can't use the same password as the previous four
> - when they change their password.  However, the user can manipulate this by
> changing the password four times and then resetting back to there original
> password.  How would I overcome this problem ? Any thoughts or
> recommendations ?

Store the date/time that the password was changed, and as well as not 
alllowing one within the past four passwords you can also disallow one 
that was last used within the past N days, for whatever value of N you 
prefer.

Mark
Thread
Record old passwords ?Tompkins Neil18 Jan
  • Re: Record old passwords ?SH18 Jan
  • Re: Record old passwords ?Carsten Pedersen18 Jan
  • Re: Record old passwords ?Colin Streicher19 Jan
    • Re: Record old passwords ?John Meyer19 Jan
      • RE: Record old passwords ?Daevid Vincent20 Jan
        • Re: Record old passwords ?Jørn Dahl-Stamnes20 Jan
          • Re: Record old passwords ?Tompkins Neil22 Jan
            • Re: Record old passwords ?Suresh Kuna27 Jan
    • Re: Record old passwords ?Carlos Proal19 Jan
      • Re: Record old passwords ?Tompkins Neil19 Jan
        • Re: Record old passwords ?Tompkins Neil19 Jan
          • Re: Record old passwords ?Mark Goodge19 Jan
            • Re: Record old passwords ?John Meyer21 Jan
              • RE: Record old passwords ?Jerry Schwartz21 Jan
          • Re: Record old passwords ?Lucio Chiappetti21 Jan
            • Re: Record old passwords ?Mark Goodge21 Jan
        • Re: Record old passwords ?Mark Goodge19 Jan
Re: Record old passwords ?Tompkins Neil19 Jan