
No, it's not fine. As the commenter above you said, your users deserve more respect than that. Most users, particularly unsophisticated users, re-use the same passwords across most or all of their accounts. It's a bad practice, but they do this because (among other reasons) they expect that the people who run the websites they use would have the minimum respect and courtesy to treat the passwords with a reasonable standard of care.

Storing the password unhashed (encrypted or plaintext) is NOT a reasonable standard of care.



