Hacker News
by BoxFour 1099 days ago
There are substantial incentives for practically everyone to adopt strong passwords, including yourself, even if it's just a temporary account.

The platform actually desires you to possess a robust password, given that hijacked accounts contribute to spam so heavily.

Many people often use the same "basic passwords" on multiple websites. If one of your temporary accounts gets hijacked, all your other "temporary" (in quotes because some of them might actually be important) accounts, including older ones you might have forgotten about, could be exposed.

Essentially, there are hardly any valid grounds for any platform to permit the utilization of frail passwords, especially considering how effortless it is to create distinct passwords using a password manager nowadays.

2 comments

I think creating a strong password and offering it once is better or am I overlooking something?
If you suggest making one powerful password and using it everywhere, then as soon as one website reveals your password, all your accounts have been exposed. The usual practice is to remember one strong phrase and never use it for anything except your password keeper.
I mean if the website in question generates a password and shows it (and then lets it go, of course). This is used to show cert private keys, for example. I can see it work with passwords.

I don’t care about passwords. I just want a “key” and I’ll store it.

Seems reasonable.
Offering it once? Offering what?
The password, at account creation. Here is your password: ……

I have seen it being used for cert keys.

Oh I see - the system generates the user a password? Yeah; makes sense.
> Essentially, there are hardly any valid grounds for any platform to permit the utilization of frail passwords, especially considering how effortless it is to create distinct passwords using a password manager nowadays.

One was just given: Users don't really care to create an account to begin with, so they provide throwaway email accounts and low security passwords. If the apps required longer, safer passwords, then they risk losing signups.

If I get a message complaining about my password being too weak, from a service I might not care that much about, then there's an increased risk that I opt to not create an account.

Apple's solution is actually pretty good: it allows me to quickly create an account to try out an app or service. If I don't like it, meeh, they only have the Apple login info and nothing else.

It's clear that platforms don't view it as a major obstacle to registrations. Or, at least, not a hassle that weighs significantly against the issue of unauthorized access to accounts and, to put it bluntly, articles of this nature that tarnish their reputation.

Considering the ongoing trend towards the use of robust passwords rather than their abandonment, we can infer that either the impact on meaningful engagement hasn't been substantial or the decrease in signups is deemed overwhelmingly worthwhile in order to combat spam and other unfavorable aspects.

So, I stand by what I said.