Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Reminder that none of this would be necessary if nobody reused their passwords.


Sure it would. People using Twitter still need to change their password even if it is the only place they use their password.


To defend against what? That some guy at twitter who saw the logs can login and change somebody's status?

Anyway, I guess you're right, I simplified. It is kind of a valid point, although if I was this paranoid then I would never leave the house. I just wanted to say that if the web wouldn't have been built on a giant piece of s*, for example password authentication, none of this would have been necessary.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: