eZ Publish / Platform - EZP-32383

Function to prevent using old passwords


Details

    Description

      Password expiry was implemented so that, when changing a password, you can't reuse the previous one. But no history is kept, so the next time the password is changed you can go back to an older one. Put differently, it is possible to alternate back and forth between two passwords.

      We should implement a history of expired passwords, so that any password that has expired can never be used again (by the same user, or not at all?). It might be good to tie this in with blacklists of passwords known to have been leaked in data breaches.

      Steps to reproduce

      1. Edit the User content type (CT) to enable the option that prevents reuse of the previous password
      2. Create a new user
      3. Log in as that user and change the password
      4. Change the password again, back to the old password

      Result
      The password was changed without any error

      Expected result
      The password change is rejected and the user is told that this password has been used before
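      The mechanism the ticket asks for, as an added illustration (not eZ Platform code): each user keeps the salted hashes of every password that has expired, a change is checked against the current hash, every history entry and a breach blacklist, and only then is the new hash stored. The hashing parameters, the blacklist contents and the user records are constructed for the example; reproduce_alternation() replays the ticket's four steps and reports whether the old password is rejected.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed stand-in for a breach blacklist lookup (not real breach data).
BREACHED_PASSWORDS = {"password123", "letmein", "qwerty"}

PBKDF2_ROUNDS = 100_000  # assumed cost parameter for the example


@dataclass
class UserRecord:
    login: str
    current: tuple                      # (salt, hash) of the active password
    history: list = field(default_factory=list)  # (salt, hash) of expired passwords


class PasswordRejected(ValueError):
    """Raised when a new password fails the reuse or blacklist checks."""


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _matches(password: str, entry: tuple) -> bool:
    salt, digest = entry
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(_hash(password, salt), digest)


def create_user(login: str, password: str) -> UserRecord:
    salt = os.urandom(16)
    return UserRecord(login, (salt, _hash(password, salt)))


def verify_password(user: UserRecord, password: str) -> bool:
    return _matches(password, user.current)


def change_password(user: UserRecord, new_password: str) -> None:
    """Reject blacklisted, current and previously used passwords; otherwise rotate."""
    if new_password in BREACHED_PASSWORDS:
        raise PasswordRejected("password appears in the breach blacklist")
    if _matches(new_password, user.current):
        raise PasswordRejected("new password equals the current password")
    # The plaintext is only available at change time, so the history check
    # happens here; each entry carries its own salt and must be rehashed.
    for entry in user.history:
        if _matches(new_password, entry):
            raise PasswordRejected("password has been used before")
    # Move the expiring password into the history and store the new hash.
    user.history.insert(0, user.current)
    salt = os.urandom(16)
    user.current = (salt, _hash(new_password, salt))


def reproduce_alternation() -> bool:
    """Replay the ticket's steps; True means the old password was rejected."""
    user = create_user("alice", "Spring-2021!")      # step 2: new user
    change_password(user, "Summer-2021!")            # step 3: first change
    try:
        change_password(user, "Spring-2021!")        # step 4: back to old one
    except PasswordRejected:
        return True
    return False


if __name__ == "__main__":
    print("old password rejected:", reproduce_alternation())
```

      The history here is unbounded, matching the "can never be used again" wording; a deployment that caps it at the last N passwords trades that guarantee for bounded storage and a bounded number of PBKDF2 computations per change. The blacklist check runs before hashing so the cost of a rejected attempt stays low, and the check is per user, which is the first of the two options the description leaves open.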

      Assignee: Unassigned
      Reporter: Mateusz Dębiński (mateusz.debinski@ibexa.co)