
Tell HN: GitHub will reset passwords June 24, 2020 - zatel
When I logged into an old github account I recieved this message:<p>The password you provided is weak and can be easily guessed. To increase your security, you must update your password. After June 24, 2020 we will automatically reset your password.<p>-----<p>It&#x27;s only for insecure passwords I guess but hopefully if someone needs to see this they will
======
rpg3
I had the same message last month, except my deadline was April 24th. Anyone
that's affected will see a message when they log in, but it will actually only
reset until you try to log in after that date.

For me, I logged in a few days after my deadline and instead of showing me the
warning it just forced me to reset my password. I'm assuming they're doing it
on a rolling basis of some sort.

------
pvsukale3
Just out of curiosity: how do they understand password is weak if it is
hashed?

~~~
jhayward
I don't know what method GH is using, but the standard attack on hashed
passwords is the use of rainbow tables[1]

[1]
[https://en.wikipedia.org/wiki/Rainbow_table](https://en.wikipedia.org/wiki/Rainbow_table)

~~~
gus_massa
Most modern hash algorithm like bcrypt or scrypt add automatically a salt to
prevent the use of rainbow tables.

