From: Colin Streicher
Date: January 19 2010 12:52am
Subject: Re: Record old passwords ?
List-Archive: http://lists.mysql.com/mysql/220290
Message-Id: <201001181952.11899.colin@obviouslymalicious.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit

On January 18, 2010 01:34:15 pm Tompkins Neil wrote:
> Hi
>
> I'm in the process of designing a login system to a secure web page using
> MySQL. One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
> I was thinking of creating four fields called Password1, Password2,
> Password3 and Password4 to record the old passwords.
>
> Is this a preferred method - or does anyone else have any recommendations ?
>
> Thanks,
> Neil
>

I'm not an awesome database designer; most of what I do is code-related
stuff. I think what I would do for this is 1. hash the password
(sha256/512, whatever) and then 2. store the hash in a string with
delimiters.

In that way, you solve 2 problems. You can store as many as you want to,
because you can just check hashes to make sure it isn't the same, and second,
you aren't storing passwords in plain-text, which is a personal pet peeve.

-- 
In the stairway of life, you'd best take the elevator.
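
The check discussed in this thread, as an added example that is not code from either poster: a delimited history string holding the last four password hashes, checked before a change is accepted. It substitutes a salted PBKDF2-HMAC-SHA256 hash for a bare SHA-256, and the entry format, the delimiters and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEEP = 4          # thread's requirement: differ from the last four passwords
ENTRY_SEP = "|"   # assumed delimiter between history entries
FIELD_SEP = "$"   # assumed delimiter inside an entry: iterations$salt$digest


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_entry(password: str, iterations: int = 600_000) -> str:
    """Hash one password with a fresh random salt and encode it as one entry."""
    salt = secrets.token_bytes(16)
    digest = _derive(password, salt, iterations)
    return FIELD_SEP.join([str(iterations), salt.hex(), digest.hex()])


def is_reused(password: str, history: str) -> bool:
    """True if the candidate matches any entry in the delimited history string."""
    reused = False
    for entry in filter(None, history.split(ENTRY_SEP)):
        iterations, salt_hex, digest_hex = entry.split(FIELD_SEP)
        candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
        # Constant-time compare; keep looping so timing does not reveal the slot.
        reused |= hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return reused


def change_password(password: str, history: str, iterations: int = 600_000) -> str:
    """Return the updated history string, or raise if the password was used recently."""
    if is_reused(password, history):
        raise ValueError("password matches one of the last %d" % KEEP)
    entries = [e for e in history.split(ENTRY_SEP) if e]
    entries.insert(0, make_entry(password, iterations))  # newest first
    return ENTRY_SEP.join(entries[:KEEP])                # drop anything older


if __name__ == "__main__":
    column = ""  # constructed sample: empty history column for a new user
    for pw in ["spring-2009", "summer-2009", "autumn-2009", "winter-2009"]:
        column = change_password(pw, column, iterations=10_000)
    print(is_reused("summer-2009", column))
```

Because every entry carries its own salt, the candidate has to be re-derived once per stored entry; the stored hashes cannot be compared to each other or looked up directly.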