After changing a Windows back-end password, the old password may still authenticate for a period of time after the change. This may occur if OneSpan Authentication Server is installed on a computer in a domain with Windows back-end enabled.
This is a Microsoft feature, and can be mitigated by amending a registry setting. For more details about the issue and a method to reduce the time the old password can be used, refer to http://support.microsoft.com/kb/906305 (last accessed in January 2024).