|
|
|
|
|
|
by eviks
986 days ago
|
|
|
> But you didnt know if that password was going to be used for stealing - it's an assumption But you do know for a fact that these leaked passwords are used for stealing, so forcing a password change would prevent that, ergo, save some users from having their data stolen. Private leaks have no impact on this |
|
|
no, the passwords are revealed, but it might not be used for stealing. And passwords that are stolen but not revealed publicly will continue.
My point is that the site will force an update, but the user's quota of inconvenience is used up - therefore, a more effective measure such as 2FA will be seen as unnecessary by the user, and thus, lower the user's security.
This is why the solution is to not spend the effort/cost on trying to detect password leaks. It is to make 2FA.