undefined | Better HN

0 pointsollifi3y ago0 comments

I sort of wish companies would not have employees passwords. Hashing should be standard practice.

0 comments

It must be, but publishing old passwords can still be done by saving the old cleartext password on password change.

As in store "old password" as cleartext on its final use?

Yes, that was my initial thought on how to make this possible. In my case, the company where I contract has a dedicated application (on Mac, at least) for password changes: record the old password and share it once the new password has taken effect.

dotancohen3y ago

The last password, to be posted, could be stored in plain text on the password change form submit action. Before that it is only ever committed to permanent storage as a hash.

j / k navigate · click thread line to collapse

0 comments

ovi2563y ago

It must be, but publishing old passwords can still be done by saving the old cleartext password on password change.

BeFlatXIII3y ago

As in store "old password" as cleartext on its final use?

macintux3y ago

dotancohen3y ago

The last password, to be posted, could be stored in plain text on the password change form submit action. Before that it is only ever committed to permanent storage as a hash.

j / k navigate · click thread line to collapse