Password history to prevent a user from keeping the same passwords again and again
I am developing an application in PHP Laravel. It uses bcrypt encryption to store passwords. I want to keep the history of hashes whenever the user changes the password. By doing this, I want to stop the user from entering previous passwords in some scenarios. Is it safe to keep the history of hashes?
I am using built-in functions. I do not know much about this encryption. According to my observation, if a user changes his password and keeps it the same as a previous one, the hash values come out different. How can I stop him from keeping the same password from the previous history? Is it possible while using bcrypt encryption?
Solution 1:[1]
There is a Laravel package for it called laravel-password-history, which you can install and enjoy. It provides you with event listeners, migrations, validation rules, etc. It is also configurable to check for a certain depth in the history.
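The question's observation that the same password hashes to a different value each time is why history entries have to be verified one by one rather than compared as strings. The following is an added example in plain PHP, not part of the original answer and not code from laravel-password-history; the function names and the depth of 5 are assumptions, and in Laravel `Hash::make` / `Hash::check` take the place of `password_hash` / `password_verify`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names and policy value, chosen for this example.
const HISTORY_DEPTH = 5; // assumed policy: block reuse of the last 5 passwords

/** True if $candidate matches any of the most recent stored bcrypt hashes. */
function isReusedPassword(string $candidate, array $hashHistory, int $depth = HISTORY_DEPTH): bool
{
    // History is kept newest first. Only $depth entries are checked, which
    // also bounds the cost: every password_verify is a full bcrypt run.
    foreach (array_slice($hashHistory, 0, $depth) as $oldHash) {
        // password_verify reads the salt and cost factor out of $oldHash,
        // re-hashes $candidate with them, and compares the results.
        if (password_verify($candidate, $oldHash)) {
            return true;
        }
    }
    return false;
}

/** Hash the new password, push it onto the history, trim to $depth entries. */
function recordPassword(string $password, array $hashHistory, int $depth = HISTORY_DEPTH): array
{
    array_unshift($hashHistory, password_hash($password, PASSWORD_BCRYPT));
    return array_slice($hashHistory, 0, $depth);
}

// Constructed sample data: a user who has set two passwords so far.
$history = [];
$history = recordPassword('correct horse battery', $history);
$history = recordPassword('Tr0ub4dor&3', $history);

// Hashing the current password again yields a different string (new random
// salt), so comparing hash strings cannot detect reuse.
$rehash = password_hash('Tr0ub4dor&3', PASSWORD_BCRYPT);
var_dump($rehash === $history[0]);

// Inputs: the current password, an older password, and an unused one.
var_dump(isReusedPassword('Tr0ub4dor&3', $history));
var_dump(isReusedPassword('correct horse battery', $history));
var_dump(isReusedPassword('a brand new passphrase', $history));
```

The check has to run at password-change time, while the plaintext candidate is still in memory; only the resulting hashes are stored in the history.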
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | tanerkay |
