582812b3ec
website: Copy files during build. website: Allow for mixed env builds. website: Reduce build size. website: Expose build. website: Add build memory debugging. WIP: Disable broken links check to compare memory usage. website: Update deps. website: Clean up API paths. website: Flesh out 3.8 fixes. Format. website: Update ignore paths. Website: Clean up integrations build. website: Fix paths. website: Optimize remark. website: Update deps. website: Format. website: Remove linking. website: Fix paths. wip: Attempt API only build. Prep. Migrate render to runtime. Tidy sidebar. Clean up templates. docs: Move directory. WIP docs: Flesh out split. website: Fix issue where routes have collisions.
2.5 KiB
title, sidebar_label, tags, authentik_version, authentik_enterprise
| title | sidebar_label | tags | authentik_version | authentik_enterprise | ||||
|---|---|---|---|---|---|---|---|---|
| Password Uniqueness Policy | Password Uniqueness Policy |
|
2025.4.0 | true |
The Password Uniqueness policy prevents users from reusing their previous passwords when setting a new password. To use this feature, you will need to create a Password Uniqueness policy, using the instructions below.
How it works
This policy maintains a record of previously used passwords for each user. When a new password is created, it is compared against this historical log. If a match is found with any previous password, the policy is not met, and the user is required to choose a different password.
The password history is maintained automatically when this policy is in use. Old password hashes are stored securely in authentik's database.
:::info This policy takes effect after the first password change following policy activation. Before that first change, there's no password history data to compare against. :::
Integration with other policies
For comprehensive password security, consider using this policy alongside:
- Password Policy - To enforce password complexity rules
- Password-Expiry Policy - To enforce regular password rotation
Implement a Password Uniqueness policy
To implement a policy that prevents users from reusing their previous passwords, follow these steps:
- In the Admin interface, navigate to Customization > Policies.
- Click Create to define a new Password Uniqueness Policy.
- Name: provide a descriptive name for the policy.
- Password field: enter the name of the input field to check for the new password. By default, if no custom flows are used, the field name is
password. This field name must match the field name used in your Prompt stage. - Number of previous passwords to check: enter the number of past passwords that you want to set as the number of previous passwords that are checked and stored for each user, with a default of 1. For instance, if set to 3, users will not be able to reuse any of their last 3 passwords.
- Bind the policy to your password prompt stage: For example, if you're using the
default-password-changeflow, edit thedefault-password-change-promptstage and add the policy in the Validation Policies section.
:::info Password history records are stored securely and cannot be used to reconstruct original passwords. :::