by lstamour
4614 days ago
Yes re client-side generation: though it might not be as random, the point is to encourage people to not use the same password. It could be combined with an educational note, "Why use this password?" or "Why should I remember a different password? You don't need to..." Client-side is always MITM-friendly without certificate pinning and strong SSL, which is why I have to dial down the paranoia a bit myself: I was just now thinking that you could plant a non-random auto-completed password, but then if you can do that you could just listen for the real password too. (We're assuming you're running JavaScript here after all.)