Hacker News new | ask | show | jobs
by bikamonki 4154 days ago
Correct, but every site where you signup does that and I do not think anyone cares. Maybe such API will not be for end users but for other apps to run signup forms against it and help users choose a better one. In any case, the whole password deal is broken. I now use my own offline pwd generator for the "important" sites but I guess I am not the average Internet user.
1 comments
akerl_ 4154 days ago
What site out there is sending my plaintext passwords to a 3rd party service to validate their strength?
link
bikamonki 4154 days ago
Hopefully none, and hopefully they are all following best practices to protect your password, but you trust them regardless. Besides, who said plain text, such service could use ssl.
link
agersant 4154 days ago
I think he meant plaintext as opposed to a hash of the password.
link