
servicea.28287 (Customer) asked a question.
Our password policy has the "Enforce password history for last" feature enabled. However, it treats "Pass1234" as a common password and does not allow users to set it, whereas it accepts "Pass@123" as a password for multiple users in our test environment. We've set the value of the "Enforce password history for last" function to 4, thus it shouldn't enable the last four passwords to be used again, right? I'm not sure if this functionality is working or not, and if you guys could explain to me what the actual logic is here, such as how Okta checks that this is one of the frequently used passwords?

Hi Megha Rathod,
Okta will not disclose the list of common/breached passwords for security concerns. Maybe Pass@123 is not in the list of breached passwords.
Also, enforcing password history will not come into the picture in your case, since the same password is being set by multiple users, and it is not that a previous password is being set by the same user again.
Please upvote if we are able to address your query.
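
The two checks discussed in this thread, as an added sketch that is not part of the thread and not Okta's implementation: a global common-password denylist and a per-user history of the last 4 passwords. The denylist contents, the `PasswordPolicy` class, the result strings and the choice to count the current password among the 4 are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

HISTORY_DEPTH = 4  # "Enforce password history for last" = 4, as in the question
# Constructed sample denylist; the real list is not published.
COMMON_PASSWORDS = {"pass1234", "password", "123456"}


class PasswordPolicy:
    """Hypothetical policy engine combining both checks."""

    def __init__(self, depth=HISTORY_DEPTH):
        # One bounded history per user: (salt, digest) pairs, oldest dropped first.
        self.history = defaultdict(lambda: deque(maxlen=depth))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        # Check 1: global, identical for every user, independent of history.
        if password.lower() in COMMON_PASSWORDS:
            return "rejected: common password"
        # Check 2: compares only against this user's own earlier passwords.
        for salt, digest in self.history[user]:
            if hmac.compare_digest(self._digest(password, salt), digest):
                return "rejected: in password history"
        salt = os.urandom(16)
        self.history[user].append((salt, self._digest(password, salt)))
        return "accepted"


def demo():
    policy = PasswordPolicy()
    return [
        policy.set_password("alice", "Pass1234"),  # on the denylist
        policy.set_password("alice", "Pass@123"),  # not listed, no history yet
        policy.set_password("bob", "Pass@123"),    # another user's history is separate
        policy.set_password("alice", "Pass@123"),  # alice reusing her own password
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

To test history in an environment like the one described, change one user's password repeatedly and then try one of that same user's earlier values; setting the same value on different users only exercises the common-password check.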