
Can we please stop having this conversation every time a plain text password is mentioned? It's a bad idea to have a recoverable password, in any form, the end.


It's not helping that you give the wrong explanation. The issue here isn't that the password is recoverable, because you don't know whether that is true. It may as well be properly bcrypted. The problem is that they sent you the plaintext password you just entered via email.

Can we please have people stop assuming that the password is recoverable just because it's put in an email when it's set.
