That assumes the situation where the password hashes are stored in a way that is... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

upofadown on July 22, 2023 | parent | context | favorite | on: Why even let users set their own passwords?

That assumes the situation where the password hashes are stored in a way that is less secure than the actual data that the attacker ultimately wants access to. That must not be a very common situation.

The passwords will not be of any use on any other system. This would eliminate password reuse.

__ryan__ on July 22, 2023 [–]

Accessing a users data is not the only reason for hacking their account. Performing actions on behalf of a user is just as much of a threat.

Edit: also, if an attacker dumps all the data today then loses access to the data tomorrow, having access to my password hashes means they can access my account and data later.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact