Check out this post and this post.
Basically, you need to create a PW Log entity and associate it with the users. Then when setting up a password you call a Java action to verify it hasn't been used before.
Here's an example Java action that I recently made with parameters List of Logs and String password:
this.logs = new java.util.ArrayList<authentication.proxies.PasswordLog>();
if (__logs != null)
for (IMendixObject __logsElement : __logs)
this.logs.add(authentication.proxies.PasswordLog.initialize(getContext(), __logsElement));
// BEGIN USER CODE
IContext ctx = getContext();
for (IMendixObject log : this.__logs)
{
MendixHashString pw = (MendixHashString) log.getMember(ctx, "Value");
//If the password is already in the logs, return false.
if (pw != null)
{
if (pw.verifyValue(ctx, password))
return false;
}
}
//Password has not been used
return true;
This will work with salted hashes (SSHA-256). Read the posts for more details.