Make sure users set a password that hasn't been used before
Hi fellow devs,

I'm trying to find a way to make sure a user can’t set his password to a password that he has been using before. I found an old question and answer from 6 years ago (https://forum.mendix.com/link/questions/5925) but I was wondering if this information is still up to date and if there’s an easier solution.

I tried making an extra entity associated with account where I can store old passwords. The problem is: you can't compare ssha-256 hashed passwords because they are never the same and I can't store the password as a normal string because that would not be safe.

Any thoughts or suggestions how to make sure someone can’t use a password that has been used before?

Kind regards,
Jan-Willem
The post you mention says to store the values of the old passwords in a hashstring attribute.
By using the method verifyValue for the hashstring attribute you can see if the password string was already used, but can’t get the original password string. This should still work and you should make sure that the data can’t be accessed by any user role.
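The approach from the answer, sketched outside Mendix as an added example (not Mendix's API and not code from this thread): a fresh salt per hash is why two hashes of the same password never match, and verification works by recomputing the hash with each stored salt. PBKDF2, the iteration count, the history size, and all class and function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this sketch
HISTORY_SIZE = 5       # assumed number of passwords to remember


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest); the fresh random salt makes every digest unique."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class PasswordHistory:
    """Holds only salted hashes of a user's current and previous passwords."""

    def __init__(self) -> None:
        self._entries: list[tuple[bytes, bytes]] = []

    def was_used(self, password: str) -> bool:
        # Verify against every entry (no early exit) so timing does not
        # reveal which stored password matched.
        results = [verify_password(password, s, d) for s, d in self._entries]
        return any(results)

    def change_password(self, new_password: str) -> bool:
        """Reject a reused password; otherwise store its hash and trim the history."""
        if self.was_used(new_password):
            return False
        self._entries.append(hash_password(new_password))
        del self._entries[:-HISTORY_SIZE]  # keep only the newest entries
        return True
```

As in the answer, the stored history must not be readable by any user role: it contains password hashes even though the plaintext cannot be recovered from them.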