--- title: Password history description: Configure PingDirectory server to maintain a history of former passwords to prevent them from reusing the password multiple times. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_security_guide:pd_sec_password_history canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_password_history.html revdate: September 13, 2023 --- # Password history Configure PingDirectory server to maintain a history of former passwords to prevent them from reusing the password multiple times. Use the following password policy configuration properties to enable a password history: * `password-history-count` The maximum number of former passwords to maintain in the history. * `password-history-duration` The maximum length of time that former passwords should be stored in the history. If either of these properties is configured with a nonzero value, then the server maintains a password history for users associated with that password policy. If a password history is to be maintained, then you might want to also impose a limit on how frequently users are allowed to change their password. Without such a limit, some crafty users might attempt to change their passwords several times in quick succession to purge the password they want to keep from the history so they can re-use it. Configure this limit with the following configuration property: * `min-password-age` The minimum length of time that must pass between self password changes. If a user attempts to change their password multiple times within this duration, then the latter attempts are rejected. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Administrators are able to reset user passwords at any time, regardless of how long it has been since a user has changed their password. It also does not prevent a user from choosing a new password following an administrative reset. | See the `config/sample-dsconfig-batch-files/enable-password-history.dsconfig` batch file for more information about enabling password history.