Re: Rules and Password Timeouts
ONLY five. Many have enough memory to go back at least ten, by which time you've probably lost track of your original password. And some go even further by not allowing any PARTS of an original password (blocking Password0 -> Password1 as "Password" is in both).
Like I said, there's at least a valid reason to have a change policy: to close or expose undetected breaches.