Any system that uses a Password Maximum Reuse limit maintains a history of previously used passwords (generally it is a hashed copy, not the password itself). When you try to create a new password, it is run against the history list - if the new password matches one of the previous ones, it will be rejected. The reuse limit is usually what determines the number of passwords maintained in the history. Note that increasing the reuse limit usually only affects passwords changed since that point. For example, if the previous limit was 3 and you increased it to 5, a user could reuse a password they used 4 times ago, as the history at the time of the change was only 3 old passwords. In Oracle, table sys.user_history$ contains the password history information for each user, including the last change date/time. Note that this table will be empty unless the maximum reuse limit has been set. Note that access to this table (and any other table containing security access related data) should be severely restricted, as if a user can query the table data, it is possible to construct a brute force password cracker by trying lots of passwords and seeing if they hit the hashed value.

Any system that uses a Password Maximum Reuse limit maintains a history of previously used passwords (generally it is a hashed copy, not the password itself). When you try to create a new password, it is run against the history list - if the new password matches one of the previous ones, it will be rejected. The reuse limit is usually what determines the number of passwords maintained in the history. Note that increasing the reuse limit usually only affects passwords changed since that point. For example, if the previous limit was 3 and you increased it to 5, a user could reuse a password they used 4 times ago, as the history at the time of the change was only 3 old passwords. In Oracle, table sys.user_history$ contains the password history information for each user, including the last change date/time. Note that this table will be empty unless the maximum reuse limit has been set. Note that access to this table (and any other table containing security access related data) should be severely restricted, as if a user can query the table data, it is possible to construct a brute force password cracker by trying lots of passwords and seeing if they hit the hashed value.