Prevent users from reusing recently used passwords. We'll track and store when a user changes their password, then create a custom validation rule to use anywhere. We'll create a command to frequently clear up the database, too.