undefined | Better HN

0 pointspetedoyle1y ago0 comments

Maybe they wanted some cached data to get invalidated if users change their passwords?

0 comments

Then use some other data which can act as a proxy for that, like the date of the last credential change. Using the password itself is a terrible security smell.

j / k navigate · click thread line to collapse

0 pointspetedoyle1y ago0 comments

Maybe they wanted some cached data to get invalidated if users change their passwords?

0 comments

duskwuff1y ago

Then use some other data which can act as a proxy for that, like the date of the last credential change. Using the password itself is a terrible security smell.

j / k navigate · click thread line to collapse