by sh-run 1837 days ago
> If you say that “basically everyone should never store plaintext passwords” then I will 100% agree with you but there are cases where the trade-off in usability can be worth it for very non-technical users.

IMO due to less technical users it's even more important that passwords aren't stored in plaintext. Less technical users are more likely to reuse passwords across multiple websites.

When a breach occurs, unless passwords are salted and hashed, the attackers immediately gain access to every account with the same username/email + password. This isn't as much of a problem for security-conscious users, but if you're writing a piece of software it's important to remember that not all your users are security-conscious. We can do better as an industry.