How can we help address your security and compliance needs in your server environment?

← Security and Assurance

Add an option to require administrative password reset to honor password history

Windows supports two password APIs, change and reset. The change API honors password history, preventing users from re-using recent previous passwords. The reset API ignores password history and allows an administrator or e.g. help desk, to re-use a recent previous password. Add an option in Active Directory to force the reset API to also honor password history. The default should be that this option is disabled, an administrator CAN use a recent password, so it matches expected / current behavior. For Active Directory, this option should be available in the default domain policy and also in each password settings object for granular password policy.

Thanks

Steven

4 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Steven Bramson shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Security and Assurance: Authentication

Categories

Feedback and Knowledge Base

(thinking…)