habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a5f7556054e569ffc39fb6eb330aa0091230f37
authentik/docs/topics/customize/policies/unique_password.md
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

46 lines
2.5 KiB
Markdown
Raw Blame History

---
title: Password Uniqueness Policy
sidebar_label: Password Uniqueness Policy
tags:
- policy
- password
- security
- enterprise
authentik_version: "2025.4.0"
authentik_enterprise: true
---
The Password Uniqueness policy prevents users from reusing their previous passwords when setting a new password. To use this feature, you will need to create a Password Uniqueness policy, using the instructions below.
## How it works
This policy maintains a record of previously used passwords for each user. When a new password is created, it is compared against this historical log. If a match is found with any previous password, the policy is not met, and the user is required to choose a different password.
The password history is maintained automatically when this policy is in use. Old password hashes are stored securely in authentik's database.
:::info
This policy takes effect after the first password change following policy activation. Before that first change, there's no password history data to compare against.
:::
## Integration with other policies
For comprehensive password security, consider using this policy alongside:
- [Password Policy](./index.md#password-policy) - To enforce password complexity rules
- [Password-Expiry Policy](./index.md#password-expiry-policy) - To enforce regular password rotation
## Implement a Password Uniqueness policy
To implement a policy that prevents users from reusing their previous passwords, follow these steps:
1. In the Admin interface, navigate to **Customization** > **Policies**.
2. Click **Create** to define a new Password Uniqueness Policy.
- **Name**: provide a descriptive name for the policy.
- **Password field**: enter the name of the input field to check for the new password. By default, if no custom flows are used, the field name is `password`. This field name must match the field name used in your Prompt stage.
- **Number of previous passwords to check**: enter the number of past passwords that you want to set as the number of previous passwords that are checked and stored for each user, with a default of 1. For instance, if set to 3, users will not be able to reuse any of their last 3 passwords.
3. Bind the policy to your **password prompt stage**: For example, if you're using the `default-password-change` flow, edit the `default-password-change-prompt` stage and add the policy in the **Validation Policies** section.
:::info
Password history records are stored securely and cannot be used to reconstruct original passwords.
:::
Reference in New Issue View Git Blame Copy Permalink