PasswordHistory
Maintains a historical record of all passwords a user has previously used to prevent password reuse and enhance security. This entity is crucial for enforcing password policies that require users to create unique passwords rather than cycling through the same few passwords repeatedly. When a user attempts to change their password, the system checks this history to ensure the new password hasn't been used recently. The number of passwords to remember is configurable through the password policy - for example, preventing reuse of the last 12 passwords. Each entry stores only the hashed version of the historical password, never the actual password text, maintaining security even for old passwords. The entity tracks when each password was in use, who initiated the change, and why it was changed (expired, user-initiated, admin reset, or compromised). This historical data is valuable for security audits, helping identify patterns like users who frequently reset passwords (which might indicate account sharing) or detecting potential security incidents when multiple accounts change passwords simultaneously.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| userId | uuid | stored | The user whose password history this represents | Required |
| passwordHash | string | stored | The hashed version of the historical password | Required |
| usedFrom | DateTime | stored | When this password became active | Required |
| usedUntil | DateTime | stored | When this password was replaced with a new one | Optional |
| changedReason | string | enum | Why this password was changed (enumerated value; the examples below use `expired` and `compromised`) | Optional |
| changedBy | User | stored | Who initiated the password change (null for self-service) | Optional |
| passwordStrength | integer | stored | Calculated strength score of this password (0-100) | Optional |
| algorithm | string | stored | Hashing algorithm used for this password (examples below: `argon2id`, `bcrypt`) | Optional |
| ipAddress | string | stored | IP address from where the password was changed | Optional |
| userAgent | string | stored | Browser/app used to change the password | Optional |
| createdAt | DateTime | stored | When this history record was created | Required |
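The description and the table above say what the entity stores but not how the reuse check is applied at password-change time. The following is an added example (not the project's own code) of that flow: the record mirrors the fields in the Properties table, the last `HISTORY_DEPTH` entries for the user are compared against the candidate password using only their stored hashes, and on a successful change the current entry is closed (setting `usedUntil`, `changedReason`, `changedBy`) before the new entry is appended. `hashlib.scrypt` from the standard library stands in for argon2id/bcrypt so the block runs offline; the helper names, the `HISTORY_DEPTH` constant and the `salt$digest` encoding are assumptions, not the project's API.

```python
"""Password-history enforcement modelled on the PasswordHistory entity.
Added example, not project code. scrypt stands in for argon2id/bcrypt."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Policy knob from the description: remember the last N passwords (assumed name).
HISTORY_DEPTH = 12

# scrypt parameters (reduced work factor so the example runs quickly).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


@dataclass
class PasswordHistoryEntry:
    userId: str
    passwordHash: str                   # "salt_hex$digest_hex", never the plaintext
    usedFrom: datetime
    usedUntil: Optional[datetime] = None
    changedReason: Optional[str] = None  # why THIS password was retired
    changedBy: Optional[str] = None      # None for self-service changes
    algorithm: str = "scrypt"            # stand-in for argon2id / bcrypt
    createdAt: datetime = field(default_factory=lambda: datetime.now(timezone.utc))


def hash_password(password: str) -> str:
    """Salted scrypt hash encoded as 'salt$digest' (both hex)."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, maxmem=2 ** 26)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    A real system would dispatch on the entry's `algorithm` field here."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, maxmem=2 ** 26)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def reused_recently(history: List[PasswordHistoryEntry], user_id: str,
                    new_password: str, depth: int = HISTORY_DEPTH) -> bool:
    """True if new_password equals any of the user's last `depth` passwords.
    Every hash in the window is checked (no early exit) so timing does not
    reveal which historical entry matched."""
    mine = sorted((e for e in history if e.userId == user_id), key=lambda e: e.usedFrom)
    matched = False
    for entry in mine[-depth:]:
        matched |= verify_password(new_password, entry.passwordHash)
    return matched


def change_password(history: List[PasswordHistoryEntry], user_id: str,
                    new_password: str, reason: str, changed_by: Optional[str] = None,
                    now: Optional[datetime] = None) -> List[PasswordHistoryEntry]:
    """Enforce the policy, close the active entry, append the new one.
    Raises ValueError when the candidate repeats a recent password."""
    now = now or datetime.now(timezone.utc)
    if reused_recently(history, user_id, new_password):
        raise ValueError(f"new password matches one of the last {HISTORY_DEPTH} passwords")
    for entry in history:
        if entry.userId == user_id and entry.usedUntil is None:
            entry.usedUntil = now            # this password stops being active now
            entry.changedReason = reason     # e.g. "expired" / "compromised"
            entry.changedBy = changed_by
    history.append(PasswordHistoryEntry(userId=user_id,
                                        passwordHash=hash_password(new_password),
                                        usedFrom=now, createdAt=now))
    return history


if __name__ == "__main__":
    h: List[PasswordHistoryEntry] = []
    change_password(h, "user-1", "Correct-Horse-1", "expired")
    change_password(h, "user-1", "Battery-Staple-2", "expired")
    print("reuse of first password detected:", reused_recently(h, "user-1", "Correct-Horse-1"))
```

Because the check reads only `passwordHash`, the plaintext of retired passwords is never needed or stored, which is the property the description calls out; the depth window is taken over `usedFrom` order rather than `createdAt`, so backfilled records do not extend the window.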
Examples
Example 1
```json
{
"@type": "PasswordHistory",
"userId": "550e8400-e29b-41d4-a716-446655440000",
"usedFrom": "2024-01-01T10:00:00Z",
"usedUntil": "2024-03-01T14:30:00Z",
"changedReason": "expired",
"changedBy": null,
"passwordStrength": 75,
"algorithm": "argon2id",
"ipAddress": "192.168.1.100",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0",
"createdAt": "2024-01-01T10:00:00Z"
}
```
Example 2
```json
{
"@type": "PasswordHistory",
"userId": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
"usedFrom": "2023-11-15T08:00:00Z",
"usedUntil": "2024-02-20T16:45:00Z",
"changedReason": "compromised",
"changedBy": "admin_550e8400",
"passwordStrength": 45,
"algorithm": "bcrypt",
"ipAddress": "10.0.0.50",
"userAgent": "CompanyApp/2.1.0 (Admin Console)",
"createdAt": "2023-11-15T08:00:00Z"
}
```
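The description notes that the history is also useful for audits: spotting users who reset their password unusually often, and spotting bursts where many accounts change passwords at the same time. The block below is an added example (not project code) of those two queries run over records in the shape of the examples above. The two page examples are included as-is (without `passwordHash`, as on the page) alongside constructed records; the 30-day/3-change and 10-minute/3-account thresholds are assumptions to be tuned per environment, and the `user-initiated` reason spelling is taken from the description rather than from a documented enum.

```python
"""Audit queries over PasswordHistory records (added example, not project code).
Only the fields the queries need are present; thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


def parse_ts(value: str) -> datetime:
    """ISO-8601 with trailing Z, as in the page's examples."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# Constructed sample: the two page examples plus synthetic records.
SAMPLE_RECORDS = [
    {"userId": "550e8400-e29b-41d4-a716-446655440000", "usedFrom": "2024-01-01T10:00:00Z",
     "usedUntil": "2024-03-01T14:30:00Z", "changedReason": "expired"},
    {"userId": "6ba7b810-9dad-11d1-80b4-00c04fd430c8", "usedFrom": "2023-11-15T08:00:00Z",
     "usedUntil": "2024-02-20T16:45:00Z", "changedReason": "compromised"},
    # user-a rotates three times in three weeks (possible account sharing)
    {"userId": "user-a", "usedFrom": "2024-04-01T09:00:00Z", "usedUntil": "2024-04-05T09:00:00Z",
     "changedReason": "user-initiated"},
    {"userId": "user-a", "usedFrom": "2024-04-05T09:00:00Z", "usedUntil": "2024-04-12T09:00:00Z",
     "changedReason": "user-initiated"},
    {"userId": "user-a", "usedFrom": "2024-04-12T09:00:00Z", "usedUntil": "2024-04-19T09:00:00Z",
     "changedReason": "user-initiated"},
    {"userId": "user-a", "usedFrom": "2024-04-19T09:00:00Z", "usedUntil": None},
    # three different accounts rotated within six minutes of each other
    {"userId": "user-b", "usedFrom": "2024-03-10T08:00:00Z", "usedUntil": "2024-05-02T03:00:00Z"},
    {"userId": "user-c", "usedFrom": "2024-03-11T08:00:00Z", "usedUntil": "2024-05-02T03:04:00Z"},
    {"userId": "user-d", "usedFrom": "2024-03-12T08:00:00Z", "usedUntil": "2024-05-02T03:06:00Z"},
]


def _change_events(records: List[dict]) -> List[Tuple[datetime, str]]:
    """A password change happens when an entry is closed (usedUntil set)."""
    return sorted((parse_ts(r["usedUntil"]), r["userId"])
                  for r in records if r.get("usedUntil"))


def frequent_resetters(records: List[dict], window: timedelta = timedelta(days=30),
                       threshold: int = 3) -> Dict[str, int]:
    """Users with >= threshold password changes inside any sliding window.
    Returns {userId: max changes seen within one window}."""
    by_user: Dict[str, List[datetime]] = defaultdict(list)
    for ts, uid in _change_events(records):
        by_user[uid].append(ts)
    flagged: Dict[str, int] = {}
    for uid, times in by_user.items():
        best = 0
        for i, start in enumerate(times):          # times already sorted
            count = sum(1 for t in times[i:] if t - start <= window)
            best = max(best, count)
        if best >= threshold:
            flagged[uid] = best
    return flagged


def simultaneous_changes(records: List[dict], window: timedelta = timedelta(minutes=10),
                         min_users: int = 3) -> List[Tuple[datetime, Set[str]]]:
    """Clusters of >= min_users distinct accounts changing passwords within
    `window` of each other; a possible sign of a coordinated incident."""
    events = _change_events(records)
    clusters: List[Tuple[datetime, Set[str]]] = []
    for i, (start, _) in enumerate(events):
        users: Set[str] = set()
        for ts, uid in events[i:]:
            if ts - start > window:
                break
            users.add(uid)
        # skip windows that are just a tail of the previous cluster
        if len(users) >= min_users and not (clusters and users <= clusters[-1][1]):
            clusters.append((start, users))
    return clusters


if __name__ == "__main__":
    print("frequent resetters:", frequent_resetters(SAMPLE_RECORDS))
    for start, users in simultaneous_changes(SAMPLE_RECORDS):
        print("burst at", start.isoformat(), "->", sorted(users))
```

Both queries key on `usedUntil` rather than `createdAt`, since the former records when a password actually stopped being used; `changedReason` and `changedBy` can then be joined in to separate admin-driven bulk resets (expected after an incident) from unexplained bursts.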