Restrict duplicate passwords

This system value controls whether the password must be different from previous passwords.

This system value controls whether the password must be different from previous passwords. This value sets a number of previous passwords that are checked for duplicate passwords. This value provides additional security by preventing users from specifying passwords used previously. It also prevents a user whose password has expired from changing it and then immediately changing it back to the old password.

See Quick reference table for an overview of the restrict duplicate passwords system value.

Table 1. Possible values for the restrict duplicate passwords system value
iSeries™ Navigator Character-based interface Description
Password re-use cycle number-of-password-values-checked Specify the number of passwords that are checked for duplicates.

Relationship to security policy

Within your security policy you should describe the password rules that are defined by the system values related passwords. For this system value, inform users that they cannot recycle passwords before this value has exceeded. Password recycling allows users to choose between three or four favorite passwords, however; this poses a security threat to your system. To minimize this threat, use this system value with the password expiration system value to prevent a password from being reused for at least 6 months. For example, if you selected 30 days for password expiration interval and selected 10 passwords for the password re-use cycle, then a typical user, who changes passwords when warned by the system, will not repeat a password for approximately 9 months.

Table 2. Quick Reference. Provides details for the restrict duplicate passwords system value.
iSeries Navigator name Password re-use cycle
Character-based interface name QPWDRQDDIF
Authority

All object access (*ALLOBJ)
Security administrator (*SECADM)

Note: The Security Officer (QSECOFR) user profile is shipped with these authorities.
How to access
iSeries Navigator
  1. Expand Security > Policies.
  2. Right click Password Policy and select Properties.
  3. On the Validation page, you will find the options for password re-use.
Character-based interface
  1. In the character-based interface, type WRKSYSVAL QPWDRQDDIF.
Changes take effect Immediately
Default value After one password
Recommended value After 10 passwords
Lockable Yes
Special considerations Select a value of 10 or more to prevent the use of repeated passwords. It is recommended to use a combination of the Password expiration value and the Password reuse cycle value to prevent a password from being reused for at least 6 month

For more in-depth information about this security value, see Chapter 3, "Security System Values" in Security Reference.

Parent topic: Password system values