
Force user to use a new password

password-reset
rules

#1

I have a customer that requires that, when a user changes their password after 90 days, they not be able to use the same password again, for the last 15 passwords.

Is this possible with an Auth0 Rule?

Thanks


#2

The part about preventing reuse based on password history has built-in support at the database connection level settings (https://auth0.com/docs/connections/database/password-options#password-history). For the forced expiration, in your case the 90 days, at this time there’s not yet built-in support, but as you mentioned it can be doable using a custom implementation that leverages a rule. I know that built-in support for password expiration is something planned, but I don’t have a concrete timeline for its availability.
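A sketch of the rule-based expiration check mentioned in the answer above, as an added example that is not part of the original thread and not Auth0's own code. It assumes the rule runtime's `user.last_password_reset`, `user.created_at`, `context.connectionStrategy` and global `UnauthorizedError`; the helper names `passwordAgeDays` and `enforcePasswordExpiry` and the error text are hypothetical. Password history (the last 15 passwords) stays a connection setting and is not handled here.

```javascript
// Added example: enforce a maximum password age in an Auth0 Rule.
const MAX_PASSWORD_AGE_DAYS = 90; // the 90 days from the question
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// The Auth0 rule sandbox provides UnauthorizedError. This fallback exists
// only so the file also runs outside Auth0 (for example under Node).
const DenyError = typeof UnauthorizedError !== 'undefined'
  ? UnauthorizedError
  : class UnauthorizedError extends Error {};

// Days since the password was last set. Users who never reset their
// password have no last_password_reset, so fall back to created_at.
function passwordAgeDays(user, now) {
  const stamp = user.last_password_reset || user.created_at;
  const changedAt = new Date(stamp).getTime();
  // Missing or unparsable timestamp: fail closed and treat as expired.
  if (Number.isNaN(changedAt)) return Infinity;
  return (now.getTime() - changedAt) / MS_PER_DAY;
}

// Rule entry point. Auth0 calls it with (user, context, callback);
// the fourth parameter is only there to make the check testable.
function enforcePasswordExpiry(user, context, callback, now = new Date()) {
  // Only database connections (strategy "auth0") have a password that
  // Auth0 manages; social and enterprise logins pass through untouched.
  if (context.connectionStrategy !== 'auth0') {
    return callback(null, user, context);
  }
  if (passwordAgeDays(user, now) > MAX_PASSWORD_AGE_DAYS) {
    // Denies the login; the application should send the user to the
    // password reset flow when it sees this error.
    return callback(new DenyError('password_expired: please reset your password'));
  }
  return callback(null, user, context);
}
```

In the Auth0 rule editor a rule is a single function, so move the constants and the helper inside `enforcePasswordExpiry` when pasting it there.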