Hello ABP Support Team,
We are using the ABP Identity module and appreciate the existing features like periodic password changes (password aging), which forces users to update their passwords after a set period.
However, we also have a requirement to implement password history to prevent users from reusing any of their last N passwords. From previous support discussions, it appears this functionality is not currently supported natively, and a custom implementation is required.
It would be ideal to have built-in support for password history as part of the Identity module. This is a common enterprise security requirement and helps align with compliance standards in industries such as finance, healthcare, and government systems.
Requested Feature:
- Configurable number of previous passwords to remember (e.g., 6).
- Automatic storage of hashed previous passwords.
- Validation during both user self-service changes and admin resets.
Benefits:
- Enhances security compliance for enterprise customers.
- Prevents weak password cycling.
- Aligns ABP with enterprise identity management best practices.
- Complements the existing password expiration feature for stronger policies.
Thank you for considering this request! We believe this would be a valuable addition to the ABP Identity module and look forward to your feedback.
2 Answer(s)
-
0
Thank you for your detailed feature request regarding password history support in the ABP Identity module.
Currently, the ABP Identity module provides periodic password change (password aging) functionality, which is available in the Identity Pro module. However, as of version 9.2.4, there is no built-in support for password history (i.e., preventing users from reusing their last N passwords). Implementing password history would require a custom solution at this time.
Your request for configurable password history, automatic storage of previous password hashes, and validation during password changes aligns with common enterprise security requirements. This feedback is valuable and will help guide future enhancements to the ABP Identity module.
For now, you may consider implementing a custom password history mechanism by:
- Creating a table to store previous password hashes for each user.
- Hooking into the password change/reset process to validate against the stored hashes.
- Limiting the number of stored hashes per user according to your policy.
If you would like to track the status of this feature or contribute to the discussion, you can submit a feature request on the official ABP GitHub repository.
Sources:
No verified source available for built-in password history support in the current ABP Identity module.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
hi
I will add an internal issue to track this.
Thanks.
