How Can We Help?
Subscription Manager: How do I prevent a user in my company, after their password expired, from changing their password to one they already used?
NOTE: This article applies to users that have appropriate administrative access in Subscription Manager. Meaning, you need to have been given access to access the security settings in Subscription Manager.
Scenario:
Changing your password regularly is a good security principle to have. Unfortunately, not all users in a company do this on their own. Thus, software systems are increasingly forcing users to do so by letting their passwords expire after a certain number of days.
When forced to change their password, some users will attempt to use a password that they’ve used before. This behavior may increase the risk of a possible security issue occurring. Because Subscription Manager is acting as the central authentication body, it is important to prevent users from using an old password to some extent.
Solution:
To limit users from using old passwords, log into Subscription Manager and follow the steps below:
- Navigate to the Settings page by clicking on the Settings button in the top bar.
- Next, you need to set the Password Expiry (days) field, which is the amount of days that a password will stay valid before it expires, and a user is forced to change it.
- Specify the number of old passwords that need to be forbidden from being used in the Old Passwords Forbidden (number) box.
- Click Save.
Comments are closed.