Need to check that new password is different to the existing password

0
We are using the Forgot Password module to reset users’ passwords. How can we check in the Step4_SubmitPassword microflow that the new password is not the same as the existing one saved in the database? The password attribute for System.User is not available. I thought of using the Java Action Call ‘Verify password’ at this point, using the new password as the input for the Java action; if it returned true, that would indicate that the new password is the same as the existing one. Is this an acceptable method to use or is there a better way? Thanks, Kath
asked
2 answers
3

Hi Kathleen,

Yes, you should use the VerifyPassword action. It's also used in the ChangeMyPassword flow in the Administration module, so you can copy that setup. Don't go copying and saving the password in other fields, as it is indeed a security risk.

answered
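The check described in this answer, sketched outside Mendix as an added example that is not part of the thread or of any Mendix module: the new password is verified against the stored salted hash, and a match means reuse. The names `hash_password`, `verify_password` and `reset_password`, the record layout, the sample passwords and the choice of PBKDF2-HMAC-SHA256 are assumptions of this sketch, not the platform's actual hashing scheme.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this sketch


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); only these are stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(candidate: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    _, key = hash_password(candidate, salt)
    return hmac.compare_digest(key, stored_key)


class PasswordReuseError(ValueError):
    """Raised when the proposed password matches the current one."""


def reset_password(record: dict, new_password: str) -> None:
    """Reject reuse of the current password, then store a fresh salt and hash."""
    if verify_password(new_password, record["salt"], record["key"]):
        raise PasswordReuseError("new password must differ from the current one")
    record["salt"], record["key"] = hash_password(new_password)


def demo() -> list:
    """Constructed scenario: one reuse attempt, then a genuine change."""
    salt, key = hash_password("Winter-2023!")  # constructed sample password
    record = {"salt": salt, "key": key}
    results = []
    try:
        reset_password(record, "Winter-2023!")  # same as current: must be refused
        results.append(True)
    except PasswordReuseError:
        results.append(False)
    reset_password(record, "Spring-2024?")  # different: accepted and re-hashed
    results.append(verify_password("Spring-2024?", record["salt"], record["key"]))
    results.append(verify_password("Winter-2023!", record["salt"], record["key"]))
    return results  # [False, True, False]
```

The comparison works because re-hashing the candidate with the stored salt reproduces the stored value only when the passwords are equal, so no reversible copy of the password is needed.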
0

Passwords for the Account are hashed, so it's not easy to decrypt them.
What I suggest: while creating the user and saving the user info, take the password and copy it into a new attribute in the Account entity.
You may feel it's a security issue. Better to use the encryption module, encrypt the password and save it in an attribute. While comparing, as per your user story, decrypt it and compare it with the new password.

answered