by nubis
5008 days ago

I fail to see the point made by that commenter that has not been made yet in this thread, other than the funny accusation of malice. We don't store plaintext passwords, and we are very aware of mass assignment bugs (being suspected of such naive practices is why I mentioned the incompetence thing earlier). If security is a chain, then we strive not to be the weakest link. People have to learn what's the risk involved in giving out their password, how to evaluate who they give it to, and then make their own choice regarding whether they want to give it away or not. I get my hopes high when I read that you wouldn't mind people giving their password to a company that is better than 'just about anybody'. Convincing people that we are trustworthy was a big initial challenge for us, and still is as we reach out to more and more users.

What I am saying is that there may be some things that you forget about, because we are all humans. And in order to mitigate the risk from us being humans, we should not store passwords in a way that is easily recovered.