by IncreasePosts
623 days ago
Clearly "Y" is just the password as my server sees it. But, by not sending the actual user-entered password, it prevents me from logging the user-entered password in plaintext. If I did make a mistake and logged the user's email and "Y", and I got hacked, the hacker could not take the email and "Y" and try to log into a variety of other online services using the same credentials. This is the credential stuffing I was speaking of.