reuse same pwds

I suspect certain users reuse pwds that were part of an abuse. I know it's not easy, but consider having a history of pwds to avoid that.