Disallow using the same password as before on reset
frankiejarrett opened this issue · 1 comment
frankiejarrett commented
In an effort to keep passwords fresh, we should compare hashes to ensure the same password is not being used two times in a row.
If we really wanted to be serious about things, we could store the last X number of previously used hashes in user meta and never allow the same password to be used twice within that X range.
frankiejarrett commented
For now we will just check the previously-used password and not a historical list of previous passwords.
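The check discussed in this thread, as an added example that is not part of the issue or the plugin's code. It covers both the previous-password check (limit 1) and the more general last-X history. `PasswordHistory` is a hypothetical class, an in-memory array stands in for user meta, and PHP's native `password_hash()`/`password_verify()` stand in for WordPress's hashing (in WordPress, `wp_check_password()` does the verifying). Requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. PasswordHistory is a hypothetical
// class; $hashes stands in for a list of hashes kept in user meta.
final class PasswordHistory
{
    /** @param string[] $hashes newest first; $limit is the "X" from the issue */
    public function __construct(private array $hashes = [], private int $limit = 1) {}

    // Salted hashes differ on every call, so hashing the new password and
    // comparing strings never matches. Verify the candidate plaintext
    // against each stored hash instead.
    public function isReused(string $candidate): bool
    {
        foreach ($this->hashes as $hash) {
            if (password_verify($candidate, $hash)) {
                return true;
            }
        }
        return false;
    }

    // Reject a reused password; otherwise store its hash and trim to $limit.
    public function change(string $candidate): bool
    {
        if ($this->isReused($candidate)) {
            return false;
        }
        array_unshift($this->hashes, password_hash($candidate, PASSWORD_DEFAULT));
        $this->hashes = array_slice($this->hashes, 0, $this->limit);
        return true;
    }
}

// Constructed sample passwords, for demonstration only.
$history = new PasswordHistory([], 2);               // remember the last 2
var_dump($history->change('first-Passphrase-1'));    // initial password
var_dump($history->change('first-Passphrase-1'));    // same password twice in a row
var_dump($history->change('second-Passphrase-2'));   // new password
var_dump($history->change('first-Passphrase-1'));    // still inside the window
var_dump($history->change('third-Passphrase-3'));    // new password, oldest hash dropped
var_dump($history->change('first-Passphrase-1'));    // now outside the window
```

Each stored entry is a full password hash, so a history list carries the same exposure as the current hash and should be protected the same way.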