Slightly related (funny, for me) thing I came across recently. I was looking into why some orgs prevent you from changing the Windows domain password if it has been changed less than 24h ago.
Turns out there's a reason for this: "Setting the number of days to 0 allows immediate password changes. This setting isn't recommended. Combining immediate password changes with password history allows someone to change a password repeatedly until the password history requirement is met and re-establish the original password again." [1]
[1] https://learn.microsoft.com/en-us/windows/security/threat-pr...
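
An added example, not part of the comment above or of Microsoft's documentation: a simplified Python model of how minimum password age and password history interact, useful for checking what a given policy actually enforces. The class, the function, the history length of 24 and the one-day minimum age are assumptions chosen for illustration, and real Active Directory bookkeeping may differ in detail.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

START = datetime(2024, 1, 1)  # constructed start time for the simulation


@dataclass
class PasswordPolicy:
    """Toy model of two settings: minimum password age and history length."""
    min_age: timedelta
    history_len: int
    current: str = "original"
    last_change: datetime = START
    history: list = field(default_factory=list)  # most recent previous passwords

    def change(self, new: str, now: datetime) -> bool:
        """Apply one change request; return True if the policy accepts it."""
        if now - self.last_change < self.min_age:
            return False  # rejected: password was changed too recently
        if new == self.current or new in self.history:
            return False  # rejected: still remembered by password history
        self.history = ([self.current] + self.history)[: self.history_len]
        self.current, self.last_change = new, now
        return True


def time_to_restore_original(min_age: timedelta, history_len: int) -> timedelta:
    """Elapsed time before 'original' is accepted again under this policy."""
    # Assume the account is already old enough for its first change at START.
    policy = PasswordPolicy(min_age, history_len, last_change=START - min_age)
    now, n = START, 0
    while True:
        if policy.current != "original" and policy.change("original", now):
            return now - START
        n += 1
        policy.change(f"throwaway-{n}", now)  # one change pushed into history
        now += min_age  # earliest moment the policy allows the next change


if __name__ == "__main__":
    for age in (timedelta(0), timedelta(days=1)):
        print(f"min age {age}: original reusable after "
              f"{time_to_restore_original(age, 24)}")
```

With a minimum age of 0 the history setting costs no time at all in this model, while a one-day minimum age stretches the same sequence to 25 days.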