SecureAuth password reset is not remembering "X" recent passwords

SecureAuth IdP Version affected: All

Description:
Example:
- Realm configuration is set to Enforce Password Change Requirements
- Active Directory Enforce password history is set to remember the user's last 3 passwords.
- The user performs multiple password resets and is able to reuse their #2 and #3 most recent passwords.

Cause:
When Enforce Password Change Requirements is enabled, the SecureAuth appliance makes a randomized password change in Active Directory BEFORE the user's actual password is reset. As a result, the user's password is changed twice for every password reset they perform.

Resolution:
For this example, if the desired password history to be remembered is 3, you need to set Enforce password history in Active Directory to 6. This accounts for the 3 user password changes plus the 3 randomized password resets done by the appliance as part of the password reset process, for a total of 6.
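
The effect can be reproduced with a small simulation. This is an added example, not SecureAuth or Microsoft code; the Account class, the P1/P2/P3 names and the history model (the directory keeps the last N passwords set, current one included) are assumptions made for illustration.

```python
from collections import deque
from itertools import count

_random_ids = count(1)  # stands in for the appliance's randomized passwords

class Account:
    """Constructed model of 'Enforce password history' (assumption: the
    directory keeps the last `history_len` passwords set, current included)."""
    def __init__(self, history_len, initial="initial"):
        self.history = deque([initial], maxlen=history_len)

    def set_password(self, new):
        if new in self.history:      # rejected: still in remembered history
            return False
        self.history.append(new)     # oldest entry falls off when full
        return True

    def copy(self):
        clone = Account(self.history.maxlen)
        clone.history = deque(self.history, maxlen=self.history.maxlen)
        return clone

def reset(account, new, via_idp=True):
    """One password reset. Via the IdP, a randomized change is written first,
    as the Cause section describes, so two history slots are consumed."""
    if via_idp:
        account.set_password(f"<random-{next(_random_ids)}>")
    return account.set_password(new)

def reusable_after_three_resets(history_len, via_idp=True):
    """Set P1, P2, P3 in order, then report which of them a further reset accepts."""
    chosen = ["P1", "P2", "P3"]
    account = Account(history_len)
    for password in chosen:
        reset(account, password, via_idp)
    return [p for p in chosen if reset(account.copy(), p, via_idp)]

if __name__ == "__main__":
    print("history=3, direct :", reusable_after_three_resets(3, via_idp=False))
    print("history=3, via IdP:", reusable_after_three_resets(3))
    print("history=6, via IdP:", reusable_after_three_resets(6))
```

With a history of 3, resets through the IdP leave only the current password blocked, which matches the symptom in the Description; with a history of 6, all three user-chosen passwords are rejected.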
