SecureAuth password reset is not remembering "X" recent passwords

Follow
    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version affected: All

    Description:
    Example:
    - Realm configuration is set to Enforce Password Change Requirements
    - Active Directory Enforce password history is set to remember the user's last 3 passwords. The user performs multiple password resets and is able to reuse most recent passwords #2 and #3.

    Cause:
    Using Enforce Password Change Requirements, the SecureAuth appliance actually makes a randomized password change in Active Directory BEFORE the user's actual password is reset. This effectively means the user password is changed twice for every one time they do a password reset.

    Resolution:
    For this example, if the desired password history to be remembered is 3, you would actually need to set this value in Active Directory to 6. This would account for 3 user password changes, which would also account for the 3 randomized password resets done by the appliance as part of the password reset process, for a total of 6.

     

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.