My office has declared that all web apps need to remember the last 24 passwords used, so I was trying to think of the best way to do this. So far, this is what I'm thinking. Passwords also have to expire every 30 days.
1) Add a column to the database that contains a comma-delimited list of the last 24 passwords in the order used.
2) Add a column that contains the date for when the current password was created.
3) When the current password expires (or actually when the new one is created), delete the first item from the list and add the current one to the end of it.
4) Use listContains() to see if the new password the user is trying to use already exists in the list of old passwords.
Thoughts or advice?