WORKTERRA / WT-11188

HiTrust Recommended Change - Restriction on Same password repeat - Feasibility

    Details

    • Type: Analysis
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels: (none)
    • Module: Platform - Security
    • Reported by: Support
    • Item State: Development - In Analysis
    • Severity: Simple

      Description

      Do not allow the same password to be reused for 6 generations when changing the password.
      For each generation at least 4 characters must be changed (only if feasible in our system).
      This applies to Partner, Broker and CA.

            Activity

            santosh.balid Santosh Balid (Inactive) added a comment -

            Hi Jaideep Vinchurkar,

            Please find attached the documentation and ETAs.

            Regards,
            Santosh

            santosh.balid Santosh Balid (Inactive) added a comment - - edited

            Hi Jaideep Vinchurkar,

            I discussed this with Vijayendra Shinde. The first part, i.e. "Do not allow the same password for 6 generations while changing password", is easily achievable, as we already maintain history tables now.

            But the 2nd part, i.e. "For each generation at least 4 characters must be changed", we should reject, as we cannot store users' passwords somewhere else; even if we store them in encrypted form using an encryption/decryption utility, decryption is possible there, so ultimately it is a compromise of security and will affect our security, as Praetorian can even ask/check in how many places we store passwords, even though we use it only for validation purposes.

            Regards,
            Santosh

            Cc: Samir, Satya, Jaideep Vinchurkar, Vijayendra Shinde, Bharti Satpute

            santosh.balid Santosh Balid (Inactive) added a comment - - edited

            Hi Jaideep Vinchurkar,

            Yes, we can achieve this by maintaining a history of the user's last 6 passwords (this needs an enhancement).

            For each generation at least 4 characters must be changed - this is more challenging, as we store hashed passwords, where decryption is not possible.

            But to have the current password differ by at least 4 characters from any of the 6 historical passwords, we may need to store the user's password in plain text somewhere else, considering every possible security approach, in such a way that it is out of context for hackers... we need to think more on it... or we can even store the password separately using our encryption/decryption utility, which is also a secure way to store it. We just need this for the comparison that the password should have at least 4 characters different from the historical password/previous password/last updated password.

            Need to think about the above plain-text password storage option in detail; will do more analysis on it tomorrow.

            Regards,
            Santosh

            Cc: Satya, Samir

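The two rules discussed in the comments above, worked through as an added example (this is illustrative code, not WorkTerra's implementation). It assumes PBKDF2-SHA256 with a per-entry random salt for the stored history, and it interprets "at least 4 characters must be changed" as a Levenshtein edit distance of at least 4; both are assumptions. The point it makes: the 6-generation reuse check needs only the stored hashes, while the character-difference check can be applied without any plain-text storage only against the current password, because the user submits that password in the change request. Comparing against older generations would indeed require recoverable plaintext, which is why that part of the requirement is rejected in the comments.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

HISTORY_DEPTH = 6        # previous generations remembered (from the ticket)
MIN_CHARS_CHANGED = 4    # minimum edit distance from the current password (from the ticket)
PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate password against a stored (salt, digest)."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class PasswordHistory:
    """Holds only salted hashes of the last HISTORY_DEPTH passwords, newest first. No plaintext."""

    def __init__(self) -> None:
        self.entries: List[Tuple[bytes, bytes]] = []

    def record(self, password: str) -> None:
        self.entries.insert(0, hash_password(password))
        del self.entries[HISTORY_DEPTH:]  # drop the oldest generation beyond the window

    def was_used(self, password: str) -> bool:
        return any(verify_password(password, salt, digest) for salt, digest in self.entries)


def change_password(history: PasswordHistory, current_plain: str, new_plain: str) -> Tuple[bool, str]:
    """Apply both rules to a change request.

    current_plain is what the user typed into the change form, so the difference rule is
    checked against it directly; nothing beyond the hash history is ever persisted.
    """
    if not history.entries or not verify_password(current_plain, *history.entries[0]):
        return False, "current password incorrect"
    if history.was_used(new_plain):
        return False, f"new password matches one of the last {HISTORY_DEPTH} passwords"
    if edit_distance(current_plain, new_plain) < MIN_CHARS_CHANGED:
        return False, f"new password must differ from the current one by at least {MIN_CHARS_CHANGED} characters"
    history.record(new_plain)
    return True, "password changed"


if __name__ == "__main__":
    # Constructed sample walk-through.
    hist = PasswordHistory()
    hist.record("Winter2019!")
    for new in ("Winter2019!", "Winter2020!", "Autumn2020#"):
        print(new, "->", change_password(hist, hist_current := "Winter2019!", new))
```

The history check costs one PBKDF2 evaluation per stored generation, so the work factor and history depth together bound the latency of a password change; a deployment should pick the iteration count with that multiplier in mind.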

              People

              Assignee: jaideep.vinchurkar Jaideep Vinchurkar (Inactive)
              Reporter: jaideep.vinchurkar Jaideep Vinchurkar (Inactive)
              Votes: 0
              Watchers: 2


                  Time Tracking

                  Estimated: 24h (original estimate)
                  Remaining: 8.5h
                  Logged: 15.5h