What does password history specify in a password policy?

Password history in a password policy is primarily concerned with managing password reuse. It specifies the number of previous passwords that a user must not use when creating a new password. This policy helps to increase security by preventing users from cycling through a small set of passwords. By enforcing password history requirements, an organization can significantly reduce the risk of unauthorized access that may occur when users repeatedly use familiar or easily guessable passwords.

It is also important to note that the other choices touch on aspects of password policy but do not relate to password history. For instance, password length relates to how many characters are allowed or required in a password, while complexity requirements cover the use of uppercase letters, numbers, and special characters necessary to strengthen a password. The duration before a password can be reset pertains to time limits on how often a password can be changed, which, although vital for security, does not directly relate to the concept of password history.