SAP Knowledge Base Article - Public

3108230 - Mobile Password History Policy not working as expected

Symptom

When the mobile feature Mobile Security > Mobile App Password > Settings > Enable Password History Policy is turned on, users are still able to reuse their previous 5 passcodes.

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

Enable the Mobile feature

Mobile Security > Mobile App Password > Settings > Enable Password History Policy

Install the SF mobile app and activate it. After login, you will be prompted to set your passcode

Once set, log out and log back in. When prompted to enter your passcode, select the forgot password option instead

You will need to enter your SF credentials to verify yourself and then you will be asked to set your new mobile passcode

Set the same passcode as previously used

The system allows you to set the same passcode, despite the option "Enable Password History Policy" being enabled (Note: Password History Policy rejects passwords that are identical to the 5 recently used passwords. It is not possible to use it with Biometric Support.)

Cause

This is expected as the mobile password history policy only applies when the passcode expires

It does not apply when the user selects "forgot password"

It does not apply if the user uninstalls and re-installs the mobile app

Resolution

This is expected as the mobile password history policy only applies when the passcode expires

It does not apply when the user selects "forgot password"

It does not apply if the user uninstalls and re-installs the mobile app

Keywords

Enable Password History Policy, Mobile Security, Mobile Password, Mobile Passcode, KBA, LOD-SF-PLT-MOB, Mobile Issues, Problem

Product

SAP SuccessFactors Platform all versions