
Either that or 2-factor authentication will catch on and stealing passwords won't be worth anything.


Two-factor makes more sense. Relying on your database never getting hacked is nonsense. It is not a matter of whether you are getting hacked but when you are going to get hacked... expect to get hacked.

(disclaimer: I am the founder of Authy.com, a two-factor auth API)


Blizzard has 2 factor; the secrets for the mobile authenticator seem to have been compromised as well as the hashed passwords.


But secrets for the mobile authenticator are much less sensitive than passwords, which are prone to reuse. It does, however, defeat the security advantage of two-factor authentication.

(I always thought the really smart crackers would break in, modify the application code to weaken the password encryption, and then re-encrypt every password when the user logs in. Come back a few weeks later and collect a bunch of working passwords, with nobody the wiser.)



