List: General Discussion
From: John Meyer  Date: January 21 2010 3:07pm
Subject: Re: Record old passwords ?

On 1/19/2010 7:49 AM, Mark Goodge wrote:
> On 19/01/2010 14:44, Tompkins Neil wrote:
>> Hi All,
>>
>> Following on from my earlier email - I've the following question now :
>>
>> I can enforce that the user can't use the same password as the previous four
>> - when they change their password. However, the user can manipulate this by
>> changing the password four times and then resetting back to their original
>> password. How would I overcome this problem ? Any thoughts or
>> recommendations ?
>
> Store the date/time that the password was changed, and as well as not
> allowing one within the past four passwords you can also disallow one
> that was last used within the past N days, for whatever value of N you
> prefer.
>
> Mark
>


Keep in mind that if you do this you may be setting yourself up for 
other security risks (people writing down passwords, etc).  If a 
security measure gets in the way of the right people's ability to access 
the environment, they will find a way to circumvent it--and screw over 
your PCI compliance in the process.
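
The check suggested in the quoted reply (last four passwords plus a minimum age of N days), as an added example that is not part of the original thread or any poster's code. The function names, the in-memory history list, the scrypt parameters and N = 365 are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

HISTORY_DEPTH = 4                    # "previous four" from the thread
MIN_REUSE_AGE = timedelta(days=365)  # the "N days"; 365 is an assumed value

def _hash(password, salt):
    # Old passwords are kept only as salted, slow hashes (parameters assumed).
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def reuse_reason(history, candidate, now):
    """history: list of (salt, digest, set_at), oldest first. None means acceptable."""
    for i, (salt, digest, _set_at) in enumerate(history):
        # Each entry has its own salt, so the candidate is re-hashed per entry.
        if not hmac.compare_digest(_hash(candidate, salt), digest):
            continue
        if len(history) - i <= HISTORY_DEPTH:
            return "one of the last %d passwords" % HISTORY_DEPTH
        # A password stayed in use until its successor was set.
        last_used = history[i + 1][2] if i + 1 < len(history) else now
        if now - last_used < MIN_REUSE_AGE:
            return "last used within the past %d days" % MIN_REUSE_AGE.days
    return None

def change_password(history, candidate, now):
    """Append the new password to history if allowed; return (ok, reason)."""
    reason = reuse_reason(history, candidate, now)
    if reason:
        return False, reason
    salt = os.urandom(16)
    history.append((salt, _hash(candidate, salt), now))
    return True, None

def demo():
    """Constructed scenario: cycle four passwords, then try to go back."""
    t0, history = datetime(2010, 1, 19), []
    change_password(history, "original", t0 - timedelta(days=30))
    for i in range(4):  # four throwaway changes, one minute apart
        change_password(history, "throwaway%d" % i, t0 + timedelta(minutes=i))
    soon = change_password(history, "original", t0 + timedelta(minutes=5))
    later = change_password(history, "original", t0 + timedelta(days=366))
    return soon, later

if __name__ == "__main__":
    print(demo())
```

In a database-backed version the history list would be a table of (user, salt, hash, changed-at) rows ordered by the change timestamp.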