That means they’ve updated their password requirements and your new one is now rejected, or they reject passwords of a certain age or with a lack of account activity.
They better not know whether the old password matches their new password requirements, as all they should have is the salted hash of the password, which reveals no information about the password on its own.
That means they’ve updated their password requirements and your new one is now rejected, or they reject passwords of a certain age or with a lack of account activity.
They better not know whether the old password matches their new password requirements, as all they should have is the salted hash of the password, which reveals no information about the password on its own.
Well, that’s best practices but that’s definitely not always implemented lmao
I’m pretty sure it was because the password was compromised. That’s what I’ve heard for a decade now.