by adameasterling
992 days ago

> It's not on 23andMe, or anyone (other than the user) for that matter, to ensure the passwords used by the user are not copied passwords from other credentials.

In my opinion, it is, actually, on 23andMe. At my tiny startup, I implemented a simple check against Troy Hunt’s compromised password database.[1] If I can do it, 23andMe can.

If anyone reading this is in the business of making web apps and there’s literally anything of value behind your login, prioritize this mitigation. OWASP recommends it too. [2]

1. https://haveibeenpwned.com/Passwords

2. https://cheatsheetseries.owasp.org/cheatsheets/Credential_St...
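An added example, not the commenter's or 23andMe's code: one way to run the compromised-password check described above at signup or password change, using the Pwned Passwords k-anonymity range endpoint so only the first five hex characters of the SHA-1 digest are sent. The function names, the fail-open policy and the sample response are assumptions made for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords k-anonymity endpoint

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range_http(prefix):
    """Fetch every known suffix for a prefix; only the 5-char prefix is sent."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true", "User-Agent": "signup-check-example"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, fetch_range=fetch_range_http):
    """Number of times the password appears in the corpus, 0 if absent."""
    prefix, suffix = sha1_split(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padded decoy rows carry a count of 0
    return 0

def check_new_password(password, fetch_range=fetch_range_http):
    """Policy hook for signup / password change: returns (accepted, reason)."""
    try:
        seen = breach_count(password, fetch_range)
    except (OSError, ValueError):
        # Assumed policy: fail open so a lookup outage does not block signups.
        return True, "breach check unavailable"
    if seen > 0:
        return False, f"password appears in {seen} known breach records"
    return True, "ok"

def constructed_range(prefix):
    """Constructed sample response for offline runs (not real API data)."""
    _, pw_suffix = sha1_split("password")
    return f"{'0' * 35}:0\r\n{pw_suffix}:12345\r\n{'F' * 35}:2\r\n"

if __name__ == "__main__":
    print(check_new_password("password", constructed_range))
    print(check_new_password("correct horse battery staple 7!", constructed_range))
```

Passing `fetch_range` as a parameter keeps the hashing and matching logic testable without network access; in production the default `fetch_range_http` is used.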