Solved

How to store last 6 passwords

Posted on 2014-02-10
Last Modified: 2014-02-12
Hi

I have to write some code in .NET, where the user must NOT use a password that matches the last 6 passwords they have used. Can someone please tell me how I would do that, i.e. down to SQL level as well as C# level?

thanks so much
Question by:mousemat24
LVL 3

Accepted Solution

by:
cristiantm earned 500 total points
ID: 39846997
You just need to store hashes (use salted hashes) of the last 6 passwords in your database. Then for a new password, compare the new password hash with the old hashes.

I would have a table with some "USER ID" and "SALTED HASH" columns. Then get the last X (=6) hashes for the user id to compare. In case of no match, remove the X+1 entry from bottom up from the table (if it exists) and add the new salted hash to the table.

You could also have X columns of old hashes; how you organize that is really up to you. I would prefer my suggestion over X columns because then it is easy to have X configurable.
LVL 23

Expert Comment

by:Michael Fowler
ID: 39851985
@Mousemat24 I will second Cristiantm's idea and add that if you need a class to encrypt your passwords please have a look at the solution I posted in http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/Q_27840448.html
LVL 3

Expert Comment

by:cristiantm
ID: 39852766
Michael74, this method you propose is *not* good. It implies the key being stored on the server, and if an attacker can get to the stored password they can probably get the key too, so it is just like using a lock on your door but keeping the key under the carpet.

That's why using hashed salted passwords is the best and standard way to store passwords, since you do not need to decrypt them anyway, just check if it is correct, and you can do that on the hashed form.
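A sketch of the salted-hash history check described in the accepted solution, added here as an example and not code from any poster in this thread. It assumes .NET 6 or later, PBKDF2 as the salted hash (the thread does not name one), and hypothetical names `HistoryEntry` and `PasswordHistory`, with an in-memory list standing in for one user's rows of the history table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// One row of a hypothetical PasswordHistory table: (UserId, Salt, Hash, CreatedUtc).
public sealed record HistoryEntry(byte[] Salt, byte[] Hash, DateTime CreatedUtc);

public static class PasswordHistory
{
    public const int Keep = 6;        // the "X" from the answer, kept configurable
    const int Iterations = 210_000;   // assumed PBKDF2 work factor; tune for your hardware
    const int SaltBytes = 16, HashBytes = 32;

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    // Every stored hash has its own salt, so the candidate is re-hashed with each
    // stored salt; hashing it once with a fresh salt would never match an old row.
    public static bool WasUsedBefore(string candidate, IEnumerable<HistoryEntry> history) =>
        history.Any(h => CryptographicOperations.FixedTimeEquals(Derive(candidate, h.Salt), h.Hash));

    // Returns false and leaves the history unchanged when the password is a reuse.
    // The list is kept oldest-first, like rows ordered by CreatedUtc ascending.
    public static bool TryChange(string candidate, List<HistoryEntry> history)
    {
        if (WasUsedBefore(candidate, history)) return false;
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        history.Add(new HistoryEntry(salt, Derive(candidate, salt), DateTime.UtcNow));
        // Drop the oldest entries beyond the last Keep, as the answer describes.
        if (history.Count > Keep) history.RemoveRange(0, history.Count - Keep);
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var history = new List<HistoryEntry>();   // constructed sample data for one user
        for (int i = 1; i <= 7; i++)
            Console.WriteLine($"set pw{i}: {PasswordHistory.TryChange($"Constructed-pw-{i}", history)}");
        // Same as the current password, which is still inside the last 6.
        Console.WriteLine($"reuse pw7: {PasswordHistory.TryChange("Constructed-pw-7", history)}");
        // Older than the last 6, so it has already been dropped from the history.
        Console.WriteLine($"reuse pw1: {PasswordHistory.TryChange("Constructed-pw-1", history)}");
    }
}
```

In a database-backed version, the check, the insert and the delete of the oldest row would run in one transaction per user so that two concurrent password changes cannot both pass the check.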