Hacker News new | past | comments | ask | show | jobs | submit login

I guess extreme caution is good. But saying to somebody Your email, username, and password have been compromised" strikes me as a little sensational.

Granted, the average user doesn't need to know or understand the vagaries of password hashes. But if somebody reads this, they should think "OMFG somebody can login to my email account!" I mean, that's exactly what it says. But there's no legitimate reason to believe that.

Moreover, if you look at MtGox, Google locked every account on that list and forced people to change their passwords. But if you're Joe User looking at this today, are you going to connect the dots enough to see that yes, you WERE in a data leak, but then you changed your password, but this site just didn't know about it and is informing you only of the leak?

There are some leaps that normal users won't make, agreed. It's not an easy problem. Either way I believe that raising awareness in non-techie populations is good.

If you have specific suggestions, I would be happy to discuss them.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact