
Enforcing Password History in Your Windows AD to Curb Password Reuse
2022-07-18 14:04

Microsoft recommends configuring the password history to remember the last 24 passwords.

Unless an organization enforces a password history requirement, a user could skirt the rules by changing their password and then immediately changing back to their original password.

Password history requirements discourage this type of behavior by making it more difficult for a user to reuse their old password.

Windows makes it easy to add a password history requirement to an existing password policy.

Now, double-click the Enforce Password History setting, shown in Figure 1, and then choose the number of passwords that you want Windows to remember.

By default, Windows allows a recently changed password to be changed again immediately, thereby allowing a determined user to cycle through numerous password changes very quickly until they get back to the point at which they are allowed to reuse their original password.
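The check below is an added example, not code from the original article: it flags any password policy whose history count is under the recommended 24 or whose minimum password age is zero, the setting that permits the rapid cycling described above. The function name `Test-PasswordReusePolicy` and the sample policies are constructed for illustration; the commented lines at the end assume the ActiveDirectory PowerShell module is installed.

```powershell
# Added example: audit password policies for reuse loopholes.
function Test-PasswordReusePolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy,
        # 24 is the Microsoft recommendation quoted in the article
        [int]$RequiredHistory = 24
    )
    process {
        $findings = @()
        if ($Policy.PasswordHistoryCount -lt $RequiredHistory) {
            $findings += "history $($Policy.PasswordHistoryCount) < $RequiredHistory"
        }
        # A zero minimum age lets a user change passwords back-to-back
        # until the original one drops out of the remembered history.
        if ([timespan]$Policy.MinPasswordAge -le [timespan]::Zero) {
            $findings += 'minimum age is 0: history can be cycled immediately'
        }
        [pscustomobject]@{
            Policy    = $Policy.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample policies (not taken from any real domain)
$samples = @(
    [pscustomobject]@{ Name = 'Sample-Hardened';  PasswordHistoryCount = 24; MinPasswordAge = [timespan]::FromDays(1) }
    [pscustomobject]@{ Name = 'Sample-NoMinAge';  PasswordHistoryCount = 24; MinPasswordAge = [timespan]::Zero }
    [pscustomobject]@{ Name = 'Sample-ShortHist'; PasswordHistoryCount = 5;  MinPasswordAge = [timespan]::Zero }
)
$samples | Test-PasswordReusePolicy | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADDefaultDomainPasswordPolicy |
#     Select-Object @{ n = 'Name'; e = { 'Default Domain Policy' } },
#                   PasswordHistoryCount, MinPasswordAge |
#     Test-PasswordReusePolicy
# Get-ADFineGrainedPasswordPolicy -Filter * | Test-PasswordReusePolicy
```

Fine-grained password policies override the default domain policy for the users and groups they apply to, so both sets need to pass.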


News URL

https://www.bleepingcomputer.com/news/security/enforcing-password-history-in-your-windows-ad-to-curb-password-reuse/