I don't think it's trivial to find similar passwords, for multiple reasons.
Comparing old passwords without plaintext is really hard and at best inexact.
Storing them in plaintext (or even reversibly encrypted) is completely stupid, of course.
Even if these technical problems could be solved, sequences like: November6, December7, January8 are not "similar" but easily predictable.
Even this sequence is probably not hard to figure out if you look at a keyboard:
Secret1
Drvtry2
Ftbytu3
Deeper though, what security threat is this actually mitigating? Bad passwords caused by rotation requirements that are needed because of bad company policies, training and practices? Is there a security equivalent of "yak shaving"?
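The two sequences in the comment above, checked mechanically; this is an added example, not part of the original comment. It assumes the check runs at password-change time, when the form supplies the current password alongside the new one (so only the immediately previous password is compared and nothing is stored in plaintext), and a US QWERTY layout. The function names are hypothetical.

```python
import re

# US QWERTY rows; a "shift" moves every key the same number of places along its row.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, i) for r, row in enumerate(ROWS) for i, ch in enumerate(row)}
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]

def key_offset(a, b):
    """Horizontal distance from key a to key b, or None if not on the same row."""
    pa, pb = POS.get(a.lower()), POS.get(b.lower())
    if pa is None or pb is None or pa[0] != pb[0]:
        return None
    return pb[1] - pa[1]

def keyboard_shift(old, new):
    """Return N if new is old with every key moved N places along its row, else None.
    N == 0 means the two strings are identical ignoring case."""
    if not old or len(old) != len(new):
        return None
    offsets = {key_offset(a, b) for a, b in zip(old, new)}
    return offsets.pop() if len(offsets) == 1 else None

def month_step(old, new):
    """True if both are <MonthName><number> and new advances month and number by one."""
    m_old = re.fullmatch(r"([A-Za-z]+)(\d+)", old)
    m_new = re.fullmatch(r"([A-Za-z]+)(\d+)", new)
    if not (m_old and m_new):
        return False
    try:
        i = MONTHS.index(m_old[1].lower())
        j = MONTHS.index(m_new[1].lower())
    except ValueError:
        return False
    return j == (i + 1) % 12 and int(m_new[2]) == int(m_old[2]) + 1

def rotation_pattern(old, new):
    """Name the predictable derivation linking old to new, or None if neither rule fires."""
    n = keyboard_shift(old, new)
    if n:
        return f"keyboard shift by {n}"
    if month_step(old, new):
        return "next month and counter"
    return None

if __name__ == "__main__":
    for old, new in [("Secret1", "Drvtry2"), ("Drvtry2", "Ftbytu3"),
                     ("November6", "December7"), ("December7", "January8")]:
        print(old, "->", new, ":", rotation_pattern(old, new))
```

A string-distance comparison would miss all four pairs, since each pair shares few or no characters in the same position.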