Re: minimum number of days between password change

[lee <lee@yun.yagibdah.de>]

On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
> On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> >Hi, Ron:
> >
> >On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> >[...]
> >>If someone learns my password on day 2, they have full access to my
> >>account for 74 days, or I must beg for SysAdmin help?
> >>
> >>"Minimum number of days" isn't a very bright idea.
> >
> >It is, for a low minimum number.
> >
> >The rationale is to avoid the user reusing passwords: Ok, so my password is
> >12345678 and I must change it now?  Let's do it: 87654321; but immediately I
> >change back again.
> >
> 
> The way to do it is to have a record in your password db of the
> hashes of each user's last N passwords.

BTW, how do you do that?