
JasonA.70601 (Customer) asked a question.
Hello everyone,
In our org, we have implemented password history enforcement for the last X passwords; however, this can be easily circumvented by adding an additional character (like adding a * at the end of the previous password). I was wondering if there are any ways to prevent this and to require someone to make a completely new password? I've looked through the password options and cannot really see any options to prevent this.
Hoping someone here has encountered this and found some sort of prevention tactic. Thanks everyone 🙂

I'm not aware of any password policy option in Okta or AD. I found this post about AD that talks about this issue, where others have posted ideas, but none seem great to me. https://community.spiceworks.com/t/preventing-password-reuse-when-users-add-an-extra-number-or-letter-to-their-pw/383320
I think your best option to prevent what you described would be to go passwordless. https://www.okta.com/products/passwordless/
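
The circumvention described in the question, as an added example that is not part of the original thread and not a built-in policy option: a history check that only compares hashes misses `Summer2023!*`, but a check that also hashes the new password with a few leading or trailing characters removed catches it. It assumes a custom password-change hook that sees the new password in plaintext and a history stored as salted PBKDF2 hashes; all function names, thresholds and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000   # low so the demo runs fast; an assumption, not a tuning recommendation
MIN_BASE_LEN = 6      # do not test trimmed fragments shorter than this (assumed threshold)

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest), the assumed format of a history entry."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def matches(candidate, entry):
    """Re-hash the candidate with the entry's salt and compare in constant time."""
    salt, digest = entry
    return hmac.compare_digest(hash_password(candidate, salt)[1], digest)

def candidates(new_password, max_trim=2):
    """Yield the new password itself, then what is left after dropping up to
    max_trim characters from its end or from its start."""
    seen = set()
    for n in range(max_trim + 1):
        for cand in (new_password[:len(new_password) - n], new_password[n:]):
            if (n == 0 or len(cand) >= MIN_BASE_LEN) and cand not in seen:
                seen.add(cand)
                yield cand

def check_new_password(new_password, history):
    """Return None if acceptable, else 'exact reuse' or 'near-duplicate'.
    Cost: up to (2 * max_trim + 1) * len(history) hash computations."""
    for cand in candidates(new_password):
        if any(matches(cand, entry) for entry in history):
            return "exact reuse" if cand == new_password else "near-duplicate"
    return None

if __name__ == "__main__":
    # Constructed sample history (last X = 2 passwords), stored only as salted hashes.
    history = [hash_password("Summer2023!"), hash_password("Autumn2023!")]
    for attempt in ("Summer2023!", "Summer2023!*", "1Autumn2023!", "river-Tablet-49-moss"):
        print(attempt, "->", check_new_password(attempt, history) or "accepted")
```

This only catches characters added at the start or end; substitutions inside the old password (for example changing one digit) are not detected by trimming.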