this post was submitted on 27 Oct 2023
1189 points (97.9% liked)

Memes

45581 readers
2 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 6 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
1189
Add-on: same password, same identity. (lemmy.world)
submitted 2 years ago by woshang@lemmy.world to c/memes@lemmy.ml
140 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] kamen@lemmy.world 30 points 2 years ago (2 children)

Imagine a site telling you "Sorry, you can't use asdf123 as your password: you've already used it on that other site".

[–] FakinUpCountryDegen@lemmy.world 6 points 2 years ago

It would be better if you had a local tool telling you that - one that you control and only exists on your personal devices, kind of like secure messaging platforms such as Signal.

Another great later would be for all compromised passwords found in breaches to never be usable anywhere ever again, thus helping to thwart the most common form of breach we see today: credential stuffing.

[–] A_Very_Big_Fan@lemmy.world 5 points 2 years ago (1 children)

That's not as far fetched as it sounds. Any website worth its salt will store your password as a hash, so if they started sharing the hashes with each other they could prevent you from reusing passwords without changing much security-wise

[–] kamen@lemmy.world 8 points 2 years ago

Any website worth its salt will salt the hash as well...