this post was submitted on 02 Aug 2023
9 points (100.0% liked)
Ask Experienced Devs
1232 readers
1 users here now
Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, every approach seems to be limited in that an attacker could steal the password or token indirectly. So the safest bet is probably making storing passwords opt-in for each user.