by bigiain
4794 days ago
"The reason services sometimes instead opt to encrypt instead of hash is for support reasons." I've seen _very_ few good reasons for encrypting passwords instead of hashing them - and that's certainly not one of them. Sure, "support" might need access credentials to my account - but it needs to be _their_ access credentials, not mine. Sure, you can build the infrastructure required to securely manage encrypted passwords and the decryption key storage - but you can almost certainly build an alternative system where support never need _my_ password instead.