Hacker News new | past | comments | ask | show | jobs | submit login

maybe there was no way to save and transfer the pin from one place of the system to another, and the only way to do it is to guess on the other side by timestamp.

pretty hacky implementation but oh well




Hash with a secret key (a pepper) solves that. Heck, hashing with a salt or even just plain hashing would be miles better than this.


Hash? I wouldn't trust the folks at Equifax to know the difference between a one-way function, a cannabis concentrate, and a fried potato dish.


Carrying around the password wasn't a problem.

There's an option to pick your own password during the previous step but having an automated one is the default option, so a lot of people miss it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: