Hacker News new | past | comments | ask | show | jobs | submit login

What's the fear? Aren't all passwords encrypted on the server side?

But if an in-transit plaintext password is leaked by CloudFlare, server-side encryption is irrelevant.

(... that said, it's not like revoking sessions would impede a password-holding adversary...)

It would for users that have 2FA enabled.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact