undefined | Better HN

0 pointsthe_snooze4y ago0 comments

>Idea about rotation of passwords is that you assume that your password 'was leaked/cracked' and you don't know about it and have no way knowing it.

That's really not the user's responsibility at that point. It's up to the service to store passwords securely (i.e., use proper password hashing functions) and monitor login behavior to throw up extra challenges if things look suspicious.

Password rotation is a high-cost measure placed on the user that has little (even negative) benefit, especially when there are more effective alternatives the service is better-positioned to implement. Users cannot twist themselves into knots to make up for shitty service-side design decisions.

0 comments

ozim4y ago

When I have right of way on the crossroads and I see truck coming with high speed from the side I am not going to drive in front of it and then claim, it was his responsibility to stop because I had "right of way". It is also no use when I am dead or severely wounded or all my money from account gone.

j / k navigate · click thread line to collapse

0 pointsthe_snooze4y ago0 comments

>Idea about rotation of passwords is that you assume that your password 'was leaked/cracked' and you don't know about it and have no way knowing it.

0 comments

ozim4y ago

j / k navigate · click thread line to collapse