What is your favourite password rule?
My favorite is “can’t be more than x% similar to the last 3 passwords”. Of course, you shouldn’t ever define what “similar” actually means.
And the only way to check that is by storing the previous passwords in a recoverable format.
I’m not sure, but I think the previous password is mostly stored in an unrecoverable format, and only upon changing your password, when you have to enter your previous one, does it store it in an unrecoverable format for 10x or so generations. Just a guess though for how AD might do it.
That doesn’t make it better.
Even if you only store past passwords, that is absolutely disgusting security practice.
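Added example, not code from the thread or from AD: one way to implement the scheme guessed at above (the user presents the old password at change time, and only salted hashes are ever kept), with the "similar" threshold made explicit. The constants and the difflib ratio are assumed choices; note that similarity can only be measured against the one plaintext available (the old password), while older generations can only be checked for exact reuse.

```python
import difflib
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Assumed policy values, not taken from the thread or any real product.
HISTORY_DEPTH = 3        # the "last 3 passwords" from the rule quoted above
MAX_SIMILARITY = 0.6     # the "x%" made explicit: reject if ratio exceeds 60%
PBKDF2_ROUNDS = 200_000

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. Only (salt, digest) pairs are ever stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

def matches(password: str, entry: Tuple[bytes, bytes]) -> bool:
    """Constant-time comparison of a candidate against a stored (salt, digest)."""
    salt, digest = entry
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def similarity(a: str, b: str) -> float:
    """One concrete definition of 'similar': difflib ratio, case-insensitive."""
    return difflib.SequenceMatcher(None, a.lower(), b.lower()).ratio()

class PasswordRecord:
    """Current hash plus the hashes of up to HISTORY_DEPTH previous passwords."""

    def __init__(self, initial: str):
        self.current = hash_password(initial)
        self.history: List[Tuple[bytes, bytes]] = []   # newest first, hashes only

    def change(self, old: str, new: str) -> str:
        # The caller must present the old password, so both plaintexts exist
        # only inside this call; nothing recoverable is written anywhere.
        if not matches(old, self.current):
            return "rejected: old password incorrect"
        # Similarity can only be measured against the one plaintext we have.
        # Older generations exist only as hashes, so for them the strongest
        # check possible is exact reuse.
        if similarity(old, new) > MAX_SIMILARITY:
            return "rejected: too similar to previous password"
        if any(matches(new, e) for e in [self.current] + self.history):
            return "rejected: password was used recently"
        self.history = ([self.current] + self.history)[:HISTORY_DEPTH]
        self.current = hash_password(new)
        return "accepted"
```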
Requirement:
Needs special characters
Not accepted for some reason: using
ọ̵̑h̸̞̉ ̴̰͒g̴͛ͅõ̸̦ḓ̵͠ ̸̳͌w̵̡̛h̴̦͘ŷ̵̫
They’re too special.