
Validate previous passwords

Requirement

The system must not allow password changes for a user if the new password matches one of the previous 5 passwords for the same user.
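One way to enforce this check, as an added example that is not code from the original page. It assumes passwords are stored as PBKDF2 hashes with a separate salt per password, and that the password currently in use counts as the most recent of the five; the names `PasswordHistory`, `change_password` and `is_reused` are hypothetical.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_SIZE = 5  # number of most recent passwords that may not be reused


def _hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a slow, salted hash so stored history is not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class PasswordHistory:
    """Per-user store of (salt, hash) pairs for the last HISTORY_SIZE passwords."""

    def __init__(self, iterations: int = 600_000):  # assumed work factor
        self.iterations = iterations
        # deque drops the oldest entry automatically once the limit is reached
        self._entries = deque(maxlen=HISTORY_SIZE)

    def is_reused(self, candidate: str) -> bool:
        reused = False
        for salt, digest in self._entries:
            # Every entry has its own salt, so the candidate must be
            # re-hashed with each stored salt before comparing.
            attempt = _hash(candidate, salt, self.iterations)
            if hmac.compare_digest(attempt, digest):
                reused = True  # keep looping: do not reveal which entry matched
        return reused

    def change_password(self, new_password: str) -> bool:
        """Return False and store nothing if the password is in the history."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _hash(new_password, salt, self.iterations)))
        return True
```

Because the history holds only salted hashes, the check costs one hash computation per stored entry, and a password becomes usable again once five newer passwords have been set.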

References

  • PCI DSS v3.2.1 - Requirement 8.2.5: Do not allow an individual to submit a new password/passphrase that is the same as any of the last four passwords/passphrases he or she has used.