On Thu, 2023-10-05 at 14:28 -0700, Gurjeet Singh wrote: > This way there's a notion of a 'new' and 'old' passwords.
IIUC, you are proposing that there are exactly two slots, NEW and OLD. When adding a password, OLD must be unset and it moves NEW to OLD, and adds the new password in NEW. DROP only works on OLD. Is that right? It's close to the idea of deprecation, except that adding a new password implicitly deprecates the existing one. I'm not sure about that -- it could be confusing. We could also try using a verb like "expire" that could be coupled with a date, and that way all old passwords would always have some validity period. That might make it a bit easier to manage if we do need more than two passwords. Regards, Jeff Davis