this post was submitted on 27 Jul 2023
1417 points (98.4% liked)

Memes

45214 readers
1480 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
1417
Incorrect password (i.imgur.com)
submitted 1 year ago by TheGoldenGod@lemmy.world to c/memes@lemmy.ml
97 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] abraxas@lemmy.ml 1 points 1 year ago (1 children)

They shouldn't be storing the old password hashed, either. Expired password hashes should be destroyed like any other potentially-sensitive information that is no longer business critical.

There is a reason hackers look to get users tables even though the passwords are hashed. Because with enough of them and enough time, they can usually figure out plaintext. Giving them 10 previous hashed passwords for each user is just increasing the hypothetical risk.

[โ€“] psilocybin@discuss.tchncs.de 2 points 1 year ago

You're right ofc if you wanted to make a general remark, but wrong if you thought that was what I was implying. Never store hash histories, kids!