|
|
|
|
|
|
by m12k
1568 days ago
|
|
|
Do you trust them to salt and hash your password using bcrypt? (rather than store it in plain text). Do you use a password manager to generate strong passwords that are at least 16 chars long? If you can answer yes to both, then it doesn't actually matter if your hashed password was part of a breach or not, the hackers won't be able to brute force it. (Of course if hackers manage to steal the private key with which your session cookie is encrypted, they can still log in as you - but then changing your password won't help either). |
|
|