Storing Old Password History and Information


It might sound like a security hole to you. But trust me, it is one of the strongest security patterns. It keeps you from re-creating an old password of yours, even when you are in a hurry. It is really necessary not to re-create your old passwords, since there is always a chance that some people know your history (friends or foes, it still counts as a threat to your privacy).


You have no idea how useful it is to a user when they are notified that they entered their old password by mistake, or that they changed it some time back, etc. It will really help a user who genuinely typed his old password by mistake.

Getting hacked:

Just knowing that you changed your password last month will not help an attacker guess your current password. It is based on the information that you put out there online.

For example, when an attacker comes to know that you changed your password two days ago, he might check out your blog or the social network sites you are involved in. If you put up any related info that could lead to guessing your current password, that's when you are officially busted, and it is not because of your networks but because of you.


So just be careful with your online data. Update strong passwords frequently and bother less about your old passwords stored by Facebook, Google, Twitter. After all, they exist to make money from your usage, which means they are desperate enough to secure your identity and information as they secure theirs!

Nothing is 100% secure; however, this feature of keeping old passwords protects you from using passwords that are known to other, unauthorized people.

Let's say you have a password 123, someone got hold of it, and then you changed it. Sometime later you realized that you need to change the password again. So, if you enter '123', the system will not accept it and will throw you a message.

In case the website is not storing the old passwords, the attacker or malicious person can easily get hold of your account.

Another thing is that Google, Facebook and other websites also check for cookies in the system. Only if they see that the account was accessed on this computer will they show you a message stating that your password was changed on this date.

It is always good to keep a strong password with upper- and lowercase characters, numbers and special characters, and a minimum length of 10 characters.

Don't worry, the sites don't need to store your old passwords. They simply need to store the salts and hashes of your previous passwords. So, even if their system was compromised, your previous passwords would not be revealed. As for why they want to make sure you don't reuse any previous passwords, that's simply in case any of your previous passwords were compromised (or are currently being brute-forced and are on their way to being compromised). This is a good policy with absolutely no risk to your data.
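A password history that keeps only salts and hashes, as described above, could look like the following. This is an added example, not code from the page or from any of the sites it names; the class name, the PBKDF2 work factor and the history length are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of a password; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Holds (salt, hash) pairs, newest first. keep is an assumed policy value."""

    def __init__(self, keep: int = 5):
        self.keep = keep
        self.entries = []  # list of (salt, digest); entries[0] is the current password

    def is_reused(self, candidate: str) -> bool:
        # Every entry has its own random salt, so the candidate has to be
        # re-hashed once per entry; stored digests cannot be compared directly.
        reused = False
        for salt, digest in self.entries:
            if hmac.compare_digest(_derive(candidate, salt), digest):
                reused = True
        return reused

    def set_password(self, new_password: str) -> bool:
        """Returns False (and changes nothing) if the password is in the history."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self.entries.insert(0, (salt, _derive(new_password, salt)))
        del self.entries[self.keep:]  # forget anything older than the policy allows
        return True

    def verify_login(self, password: str) -> bool:
        if not self.entries:
            return False
        salt, digest = self.entries[0]
        return hmac.compare_digest(_derive(password, salt), digest)


if __name__ == "__main__":
    # Constructed sample values, following the page's '123' scenario.
    account = PasswordHistory(keep=5)
    print(account.set_password("123"))                 # True: first password
    print(account.set_password("constructed-new-pw"))  # True: changed
    print(account.set_password("123"))                 # False: old password rejected
```

Because each old password is stored under its own salt, a copy of this history gives an attacker only slow-to-test hashes, not the passwords themselves.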