Hacker News new | ask | show | jobs
by azernik 4225 days ago
Why is this a problem? If your password is "foofoo" and was set after the cutoff, then it won't be halved; if it is "foofoo" and was set before the cutoff, it will be halved, and then not match the password in the database, as intended.
2 comments
rafekett 4225 days ago
this, i'm not sure why it is hard to see that this is easy to implement without storing passwords in plaintext.
link
StavrosK 4225 days ago
You have to have stored the last password change date, which many systems don't do.
link
jtheory 4225 days ago
If they didn't before, they can start storing it to implement this.
link