You might want people to change passwords on regular intervals, like every 90 days. However, you don’t want them to just change it right back since that eliminates the purpose.
That same restriction exists all the time, no matter the reason for the change.
A lot of popular libraries will allow you to modify the timings for forced password changes, and minimum password history. People might disable the forced rotation portion, but not care about the password history, despite it not being relevant without forced changed passwords.
Latest Answers