locked
Reject using old password after recovery password. RRS feed

  • Question

  • User-1013792694 posted

    Right now, I'm using VS 2017, .net core v2.x & standard template for Authentication. I am trying to prevent user from using any of their old passwords when user is trying recovery password. 

    Is there any idea how to start doing this idea ? or any link related with this idea.

    Wednesday, July 31, 2019 9:09 AM

All replies

  • User-821857111 posted

    I am trying to prevent user from using any of their old passwords when user is trying recovery password. 
    Why? There's nothing more annoying if you have forgotten your password, than being prevented from resetting it to the one you forgot, in my opinion.

    There is nothing in the standard template to cater for this requirement. If you really want to implement this, you can copy the existing password hash into a separate table, and query that against the password the user is trying to reset to. The table can be called OldPasswords, and only needs the UserId as a key, and the hashed password. 

    Wednesday, July 31, 2019 10:41 AM