An organizations’ security policy requires that users change passwords every 30 days. After a security audit, it
was determined that users were recycling previously used passwords. Which of the following password
enforcement policies would have mitigated this issue?
Password history determines the number of previous passwords that cannot be used when a user changes his
password. For example, a password history value of 5 would disallow a user from changing his password to any
of his previous 5 passwords. However, without a minimum password age setting, the user could change his
password six times and cycle back to his original password.