Last Update: 2020-03-26 13:10:17 -0700

Documentation for Disallow Password Reuse Feature

The disallow password reuse feature disallows setting of a password that matches a number of previous passwords (6 by default).

On databases where Rodauth supports the use of database authentication functions, Rodauth also supports the use of database functions for checking previous passwords, so previous password hashes enjoy the same database security as current password hashes.

It is not recommended to use this feature unless you have a policy that requires it. This will significantly slow down setting a new password due to the need to check all of the previous stored passwords. Additionally, storing previous passwords means that if attackers can get access to the database, they can get the previous stored passwords in addition to the current password.
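The cost described above can be seen in a small stand-alone model of the check. This is an added example, not Rodauth's code: the class and method names are hypothetical, the store is an in-memory hash rather than a database table, and PBKDF2 from Ruby's standard library stands in for the password hash function so that it runs without gems.

```ruby
require "openssl"
require "securerandom"

# Added illustration, not Rodauth's implementation. Names are hypothetical.
class PreviousPasswordStore
  ITERATIONS = 20_000 # assumed work factor, chosen only to keep the sketch quick

  attr_reader :kdf_calls

  def initialize(previous_passwords_to_check = 6)
    @limit = previous_passwords_to_check
    @rows = Hash.new { |h, k| h[k] = [] } # account id => hashes, oldest first
    @kdf_calls = 0
  end

  # Salted hash in "salt$hexdigest" form; counts every KDF run.
  def hash_password(password, salt = SecureRandom.hex(16))
    @kdf_calls += 1
    digest = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                      length: 32, hash: "sha256")
    "#{salt}$#{digest.unpack1('H*')}"
  end

  # Store a hash, then prune so only the newest @limit hashes remain.
  def remember(account_id, hash)
    rows = @rows[account_id]
    rows << hash
    rows.shift while rows.size > @limit
  end

  # Each stored hash has its own salt, so the candidate password must be
  # re-hashed once per stored row: the cost grows with the history length.
  def reused?(account_id, password)
    @rows[account_id].map do |stored|
      salt = stored.split("$", 2).first
      OpenSSL.secure_compare(hash_password(password, salt), stored)
    end.any?
  end

  def stored_count(account_id)
    @rows[account_id].size
  end
end

demo = PreviousPasswordStore.new(6)
8.times { |i| demo.remember(1, demo.hash_password("constructed-pw-#{i}")) }
puts "stored=#{demo.stored_count(1)} reused=#{demo.reused?(1, 'constructed-pw-7')}"
```

With the default of 6, every password change pays for six full hash computations before the new hash is even stored, and all six old hashes sit alongside the current one for anyone who can read the store.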

Auth Value Methods


The error message fragment to display if the given password is the same as a previous password.


The column in the previous_password_hash_table that stores the account id.


The column in the previous_password_hash_table that stores the password hash.


The table storing previous password hashes.


The column in the previous_password_hash_table that stores the autoincrementing primary key.


The number of previous password hashes to store and check.

Auth Methods


Add the given hash to the list of previous hashes for the current account.


Whether the password given matches any of the previous passwords.