
From that list, the first one mentioned is the worst of the bunch. "8) A password cannot be too similar to a previous password."

How can you possibly know this without storing the password in plain text or without storing something in the database that reveals critical information about the pattern?



You can ask for the old password and the new password twice. Solves your concern without storing anything critical.


Also: "Must not have been used within your last 20 passwords."

So you just have to provide your last 20 passwords.
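As an added example (not code from any of the commenters above), here is a password-change handler that enforces both rules discussed in this thread while storing only salted hashes: the "too similar" rule is checked against the current password the user types in the same request, and the "not within your last 20" rule is checked by hashing the candidate under each stored salt. The 0.5 change threshold, the PBKDF2 cost and the user-record field names are assumptions.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 20          # "must not have been used within your last 20 passwords"
MIN_CHANGE_RATIO = 0.5      # assumed threshold: at least half the characters must change
PBKDF2_ITERATIONS = 50_000  # assumed cost; use argon2/bcrypt with a tuned cost in production

def hash_password(password, salt=None):
    """Return (salt, digest) for a salted PBKDF2-HMAC-SHA256 of the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def verify_password(password, salt, digest):
    """Constant-time comparison of a candidate against a stored (salt, digest) pair."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def too_similar(old, new):
    """Rule 8: reject if fewer than MIN_CHANGE_RATIO of the characters differ (case-insensitive)."""
    old, new = old.lower(), new.lower()
    return levenshtein(old, new) / max(len(old), len(new), 1) < MIN_CHANGE_RATIO

def change_password(user, old, new):
    """user = {"current": (salt, digest), "history": [(salt, digest), ...]}; no plaintext is kept.
    Returns a status string; the record is updated only on "ok"."""
    salt, digest = user["current"]
    if not verify_password(old, salt, digest):
        return "wrong current password"
    # Similarity can only be judged against the password the user just typed: older
    # passwords exist only as hashes, so no similarity check against them is possible.
    if too_similar(old, new):
        return "too similar to current password"
    # Reuse check: hash the candidate under each stored salt and compare to that digest.
    for s, d in [user["current"]] + user["history"]:
        if verify_password(new, s, d):
            return "reused within last %d passwords" % HISTORY_DEPTH
    user["history"] = ([user["current"]] + user["history"])[:HISTORY_DEPTH]
    user["current"] = hash_password(new)
    return "ok"
```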



