

HN - Insecure Password Practices - 16s

HN passwords are sent over plain-text HTTP posts during logons and resets. Also, simple passwords such as '1234' are acceptable. As hackers and implementers who should have an interest in security, isn't this a bad example to set... especially with all the recent password compromises and the endemic re-use of passwords?

Some Wireshark pics here: http://imgur.com/a/69dcm
======
spooneybarger
Strong passwords and https are only needed when:

1) the data being accessed is important. 2) the user reuses credentials.

hopefully no one here is doing #2. and i certainly don't consider #1 to be
true for me. if someone were to post as me... well, that sucks but it isn't
the end of the world.

~~~
16s
If they posted highly objectionable/obscene content as you, would that not
harm your reputation? It's at least a possibility. Reputation is everything.

~~~
spooneybarger
I'm not particularly worried about that.

