Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Enforcing Password History Can Curb Reuse

July 19, 2022

The demise of passwords has been touted as the future of authentication. I’ve heard that story for many years and don’t see it happening in the near term. The reality is that passwords will still be with us for a long time. What we need to do is improve our password hygiene to reduce the number of account compromises. That means we need more complex passwords that are unique for every service we use. You don’t need to change passwords all that often and uniqueness means no more password reuse.

One way to cut down on password reuse is to enforce password history. In other words, the system remembers your past passwords so you can’t use them again. BleepingComputer has a post to provide assistance. Microsoft recommends a history of the last 24 passwords. In a Windows environment, an easy way to enforce password history is to use a Group Policy. Once you’ve launched the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy. Double-click the Enforce password history setting and define the number of passwords you want to remember. Besides password history, you should also set a minimum password age to stop users from toggling back and forth between passwords.
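To confirm what is actually in effect after the Group Policy change, the settings can be read back from Active Directory. The following PowerShell is an added example, not from the original post: it checks the domain default and any fine-grained password policies against the 24-password history mentioned above. The one-day minimum age threshold and the Test-PasswordPolicy helper name are assumptions, since the post names no minimum-age value.

```powershell
# Added example: audit password history and minimum password age in Active Directory.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$RequiredHistory = 24                      # history depth cited in the post
$RequiredMinAge  = New-TimeSpan -Days 1    # assumption: the post gives no value

# Hypothetical helper: compares one policy's values with the thresholds above.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [int]      $HistoryCount,
        [Parameter(Mandatory)] [timespan] $MinAge
    )
    $findings = @()
    if ($HistoryCount -lt $RequiredHistory) {
        $findings += "history is $HistoryCount, expected at least $RequiredHistory"
    }
    if ($MinAge -lt $RequiredMinAge) {
        # With no minimum age, a user can change passwords repeatedly in one
        # sitting until the old password falls out of the history.
        $findings += "minimum age is $($MinAge.TotalDays) day(s), history can be cycled at once"
    }
    [pscustomobject]@{
        Policy     = $Name
        History    = $HistoryCount
        MinAgeDays = $MinAge.TotalDays
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings -join '; '
    }
}

$results = @()

# Domain-wide default, the values set through the Password Policy node in Group Policy.
$default  = Get-ADDefaultDomainPasswordPolicy
$results += Test-PasswordPolicy -Name 'Domain default' `
    -HistoryCount $default.PasswordHistoryCount -MinAge $default.MinPasswordAge

# Fine-grained password policies override the default for the users and groups
# they apply to, so a weak one silently exempts those accounts.
foreach ($fgpp in Get-ADFineGrainedPasswordPolicy -Filter *) {
    $results += Test-PasswordPolicy -Name "FGPP: $($fgpp.Name)" `
        -HistoryCount $fgpp.PasswordHistoryCount -MinAge $fgpp.MinPasswordAge
}

$results | Format-Table -AutoSize -Wrap
```

Any row with Compliant set to False lists the reason in the Findings column.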
