I am currently working on a project where I would like to make sure that users do not reuse their recent passwords; are too similar to their current password (i.e. just tacking a number or symbol such as a ‘!’ to the end of the password.
I have seen websites and applications that have enforced these rules. While I can see how to test for reuse of passwords by keeping a table of the hashes for comparison, how do systems enforce the not being similar test without having to store the passwords in plain text in the database?
Your guidance would be gratefully appreciated.
You need to sign in to view this answers
Leave feedback about this