Users can't recycle their recent passwords.
What it actually means
Stop users from cycling back to an old password. Configure password history in your identity provider so a defined number of prior passwords can't be reused.
Pass or fail — an assessor needs a "yes" to each
- Password history is enforced for a defined number of generations.
What to have ready
- Password-history setting in the identity provider
Where teams trip up
- No history enforcement
- Users alternating between two passwords
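The Python model below is an added example, not code from any identity provider. It shows how the number of remembered generations decides whether a user can alternate between two passwords. The `PasswordHistory` class, the `simulate` helper, the sample passwords and the PBKDF2 iteration count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordHistory:
    """Hypothetical per-user store of the last `generations` password hashes."""

    DEMO_ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly

    def __init__(self, generations: int):
        if generations < 1:
            raise ValueError("history must remember at least one generation")
        # Oldest entry falls off automatically once the deque is full.
        self._entries = deque(maxlen=generations)  # items: (salt, digest)

    def _digest(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self.DEMO_ITERATIONS
        )

    def is_reused(self, password: str) -> bool:
        # Each remembered hash has its own salt, so re-derive per entry.
        return any(
            hmac.compare_digest(self._digest(password, salt), digest)
            for salt, digest in self._entries
        )

    def change(self, new_password: str) -> bool:
        """Accept the change only if the password is not in the history."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(new_password, salt)))
        return True


def simulate(generations: int, attempts: list[str]) -> list[bool]:
    """Replay a sequence of password changes; True means the change was accepted."""
    history = PasswordHistory(generations)
    return [history.change(p) for p in attempts]


if __name__ == "__main__":
    # Constructed sample: one user alternating between two passwords.
    alternating = ["Spring-Rain-41", "Autumn-Leaf-72", "Spring-Rain-41", "Autumn-Leaf-72"]
    print("1 generation :", simulate(1, alternating))
    print("5 generations:", simulate(5, alternating))
```

With one remembered generation every change in the alternating sequence is accepted; with five, the third and fourth changes are rejected.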