disallow_password_reuse.rdoc

doc/disallow_password_reuse.rdoc
Last Update: 2020-03-26 13:10:17 -0700

Documentation for Disallow Password Reuse Feature

The disallow password reuse feature disallows setting of a password that matches a number of previous passwords (6 by default).

On databases where Rodauth supports the use of database authentication functions, Rodauth also supports the use of database functions for checking previous passwords, so previous password hashes enjoy the same database security as current password hashes.

It is not recommended to use this feature unless you have a policy that requires it. This will significantly slow down setting a new password due to the need to check all of the previous stored passwords. Additionally, storing previous passwords means that if attackers can get access to the the database, they can get the previous stored passwords in addition to the current password.

Auth Value Methods

password_same_as_previous_password_message

The error message fragment to display if the given password is the same as a previous password.

previous_password_account_id_column

The column in the previous_password_hash_table that stores the account id.

previous_password_hash_column

The column in the previous_password_hash_table that stores the password hash.

previous_password_hash_table

The table storing previous password hashes.

previous_password_id_column

The column in the previous_password_hash_table that stores the autoincrementing primary key.

previous_passwords_to_check

The number of previous password hashes to store and check.

Auth Methods

add_previous_password_hash(hash)

Add the given hash to the list of previous hashes for the current account.

password_doesnt_match_previous_password?(password)

Whether the password given matches any of the previous passwords.