I was wondering if there is an already deployed feature in Jfrog Artifactory that stores the user's password history. I would like to have the ability to reject a password which is the same with some that has been used in the resent past.
One solution that I thought is a custom implementation which will query the password history of a user from the MySql database and search in the reults for the given password.
I am using the 6.3.3 version of Jfrog Artifactory.
JFrog Access provides some password policy rules (see here). But Artifactory does not persist passwords (or old passwords) due to security considerations.
You might argue such a feature can be implemented with password hashes which is correct, but no such thing is currently implemented - you can always submit a feature request