Where OS store password history?

Where OS store password history?

  

I need to confirm that user cannot use the same password over and over again?

And does OS has password configurable expiration duration? I want user password to expire within let's say 30 days.

Solution

Eric Halim wrote:

I need to confirm that user cannot use the same password over and over again?

And does OS has password configurable expiration duration? I want user password to expire within let's say 30 days.

Hi Eric, 

This feature is not native in OS.  You should customize Login feature to do that. 

You could create an entity to store User, PasswordHash and expiration dates.And create a timer to expurge the oldest records after the last N passwords for the ame user , according your policy.

Your CustomLogin could be check if the password is expired and request a the change. And your ChangePassword screen could do the history check to avoid repeat passwords.


Best Regards

Fabio Fantato

 


Solution

Hey Eric,


OS stores users data in "User" Entity which is in System. So if you want to use maintain history you need to extend User Entity and create your own Entity. And create records whenever user updates password create a record and use those records in future to full fill your requirement..


Thanks

Ramakrushna Rao Seera

Ah I see... thanks I was thinking this kind of stuff is standard and maybe OS has already builtin feature for this.