[zackbloom]

Realize the point of hashing the password is to make sure the thing users send to you is different than the thing you store. You'll still have to hash the hashes again on your end, otherwise anyone who gets accessed to your stored passwords could use them to login.

[zenhack]

In particular, the point is to make it so that the thing you store can't actually be used to authenticate -- only to verify. So if you're doing it right, the client can't just send the hash, because that wouldn't actually authenticate them.

[pishpash]

But at least, with salt, it wouldn't be applicable to other sites, just one. Better to just never reuse a password though. Honestly sites should just standardize on a password changing protocol, that will go a long way towards making passwords actually disposable.

[stingrae]

I don't think a password changing protocol would help make passwords disposable. Making people change passwords often will result in people reusing more passwords.

[cm2187]

No the point is for password manager. The password manager would regularly reset all the password.... until someone accesses your password manager and locks you out of everything!

[sjwright]

If by protocol you mean a standard, consistent API that can be used by password managers to update passwords automatically, then I completely agree.