Vidarious

Reputation: 826

Best Technique to Store Password History for Users?

I am in the process of developing a PHP login system. I would like to implement a restriction so that users cannot use a password that they have previously used (up to 5 old passwords). What would be the best option for storing the passwords? I came up with two ideas:

1) TABLE: Password COLUMN: PasswordID, UserID, Password1, Password2, Password3, Password4, Password5, LastChanged, CurrentPassword. Each user would have their own row. Fill up the columns over time and rewrite accordingly.

or

2) TABLE: Password COLUMN: PasswordID, UserID, Password, DateChanged. Each user would have up to 6 rows. PHP would handle the figuring out of which is the current via date.

Upvotes: 3

Views: 4319

Answers (2)

Kenn

Reputation: 11

Though my answer comes late, your #2 is better. However, I just created a user password history by creating a trigger that stores the user table row in another table before each update. From there, the PHP script cross-checks the new password against the last five passwords in this backup table.

This avoids overpopulating the user table with junks of records, thus speeding up both the login authentication and the new password process.

Upvotes: 1

Dan Bracuk

Reputation: 20794

Option 2 is the better of the two options except that you don't really have to worry about deleting rows. Most RDBMSs have a way of selecting the Top N records based on something.

The major reason that Option 2 is better is that if you either increase or decrease the number of records that have to be queried, you can simply update a database record.

Upvotes: 4
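
Option 2 with a "top N" query, as an added example that is not code from the question or either answer. It assumes the `Password` column holds `password_hash()` output rather than plaintext, which means the reuse check has to run `password_verify()` against each stored hash instead of comparing in SQL; the function names, the `HISTORY_DEPTH` constant and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: table and column names follow option 2; everything else is hypothetical.
const HISTORY_DEPTH = 5; // number of old passwords that may not be reused

$db = new PDO('sqlite::memory:'); // stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Password (
    PasswordID  INTEGER PRIMARY KEY AUTOINCREMENT,
    UserID      INTEGER NOT NULL,
    Password    TEXT NOT NULL,      -- password_hash() output, never plaintext
    DateChanged TEXT NOT NULL
)');

// True if $candidate matches the current password or one of the HISTORY_DEPTH before it.
function isReused(PDO $db, int $userId, string $candidate): bool
{
    // Salted hashes cannot be matched with SQL "=": fetch the newest rows, verify each.
    $stmt = $db->prepare(
        'SELECT Password FROM Password WHERE UserID = :uid
         ORDER BY DateChanged DESC, PasswordID DESC LIMIT :n'
    );
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':n', HISTORY_DEPTH + 1, PDO::PARAM_INT); // current + old ones
    $stmt->execute();
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $hash) {
        if (password_verify($candidate, $hash)) {
            return true;
        }
    }
    return false;
}

// Appends a new row; old rows are never deleted, the query window ignores them.
function changePassword(PDO $db, int $userId, string $new): bool
{
    if (isReused($db, $userId, $new)) {
        return false;
    }
    $sql = 'INSERT INTO Password (UserID, Password, DateChanged) VALUES (?, ?, ?)';
    $db->prepare($sql)->execute(
        [$userId, password_hash($new, PASSWORD_DEFAULT), gmdate('Y-m-d H:i:s')]
    );
    return true;
}
// Constructed sample data: user 1 sets seven passwords, then retries two old ones.
foreach (['pw-a', 'pw-b', 'pw-c', 'pw-d', 'pw-e', 'pw-f', 'pw-g'] as $pw) {
    changePassword($db, 1, $pw);
}
var_dump(changePassword($db, 1, 'pw-c')); // pw-c is among the newest six rows
var_dump(changePassword($db, 1, 'pw-a')); // pw-a has aged out of the window
```

Changing `HISTORY_DEPTH` changes the policy without touching the schema, and the `PasswordID` tie-break keeps the ordering stable when two changes share a timestamp.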
