This repository has been archived by the owner on Jan 30, 2024. It is now read-only.

Password Expiry permits reusing current password as new password #175

Closed
eliotsykes opened this issue Apr 17, 2016 · 4 comments

@eliotsykes
Contributor

Password expiry allows a user with an expired password to reuse their current password as their new password.

@eliotsykes
Contributor Author

You can set up the password_archivable module as a workaround for this bug. This prevented the current password from being set as the new password with the following settings in the initializer:

  # How many passwords to keep in archive
  config.password_archiving_count = 4

  # Deny old password (true, false, count)
  config.deny_old_passwords = true

@manno
Contributor

manno commented Apr 20, 2016

Thanks for bringing this up. Using both modules together is the expected way to implement password expiry without password reuse. If this was not clear from the README.md, we need to update the documentation.

@manno manno closed this as completed Apr 20, 2016
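
The reported behaviour and the effect of the workaround settings, as an added example that is not part of this thread or the gem's code: a standalone Ruby model of an expired account changing its password with and without a history check. `Account`, `ARCHIVE_COUNT` and the `deny_old_passwords:` keyword are hypothetical names chosen to mirror the initializer settings above, and stdlib PBKDF2 is an assumed stand-in for the application's password digest.

```ruby
require "openssl"
require "securerandom"

# Standalone model of the reuse check discussed in this issue; not the gem's code.
# Stdlib PBKDF2 stands in for whatever password digest the application uses.
class Account
  ARCHIVE_COUNT = 4 # mirrors config.password_archiving_count = 4

  def initialize(password, deny_old_passwords:)
    @deny_old = deny_old_passwords # mirrors config.deny_old_passwords
    @archive = []                  # previous digests, newest first
    @current = digest(password)
    @expired = false
  end

  def expire!
    @expired = true
  end

  def expired?
    @expired
  end

  # Returns true if the change is accepted, false if refused as password reuse.
  def change_password(new_password)
    return false if @deny_old && reused?(new_password)

    @archive = [@current, *@archive].first(ARCHIVE_COUNT)
    @current = digest(new_password)
    @expired = false
    true
  end

  private

  def digest(password, salt = SecureRandom.random_bytes(16))
    hash = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                                    length: 32, hash: "sha256")
    { salt: salt, hash: hash }
  end

  # Re-derive the candidate under each stored salt; compare bytes in constant time.
  def reused?(candidate)
    [@current, *@archive].any? do |old|
      fresh = digest(candidate, old[:salt])[:hash]
      fresh.bytes.zip(old[:hash].bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
    end
  end
end
```

In this model a password becomes reusable again once it has aged out of the four-entry archive, so the archive size sets how far back the check reaches.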
@eliotsykes
Contributor Author

Thanks @manno - documented in #177

@mathieujobin
Contributor

This new feature also allows preventing the reuse of all previous passwords newer than a date X.

#174
