Enabling password history logging

Overview

As part of site security, DNN administrators may want to maintain a record of previously used passwords to prevent re-use when a user password change is prompted.

Requirements: Admin access. 

Steps

1. Log in to your DNN instance with admin credentials. 

2. Go to Persona Bar > Settings > Security.

securitysettings.jpg

3. In the Site Security window, click on the Member Accounts tab and then the Member Management sub-tab.

4. Click to Enable Password History. And, if needed, change the following settings:

  • Number of Passwords to Store: This is the number of passwords that DNN will retain and check against new passwords. 
  • Number of Days Before Password Reuse: Defines the number of days before an old password can be re-used. Set this to 0 to block users from ever using an old password.

passwordhistory.jpg

5. Click the Save button at the bottom of the page. 

6. Clear your cache and restart the application

7. Validate the change with a test user account by logging in, changing the account password, and then trying to change it back to the previous password. If successful, the page will prompt you to enter your password again instead of displaying the 'Password changed successfully' banner. 

 

Comments

0 comments

Please sign in to leave a comment.