Hacker Newsnew | comments | ask | jobs | submitlogin
peterwwillis 580 days ago | link | parent

Your argument, then, is that Pandora should apply password hashing to keep people from being compromised elsewhere? Assuming they only had two online accounts this might make sense. Assuming every single one of their accounts, all the same credentials, had perfectly implemented password hashing, this might make sense.

But that is bullshit and we both know it.

There will always be a bad implementation, or a mistake, or an insider, or a man in the middle. If all their 100 accounts are the same creds, it only takes one time and they're fucked.

It is completely impossible to have perfect security on all these accounts. It is inevitable that one will get cracked. At that point, blaming anyone but the user is lunacy.



jlgreco 580 days ago | link

> Assuming every single one of their accounts, all the same credentials, had perfectly implemented password hashing, this might make sense.

It is Pandora's ethical duty to do their part. And it is the ethical duty of other sites to do their part.

It is the user's duty to do their part.

Any one of these parties slacking does not excuse slacking on the part of others.

This is not a perfect world. We all know there are people who use the same password everywhere. Since we know that, it is our responsibility to do our part.

-----

pearkes 579 days ago | link

This is exactly what I meant when I said: "everything within their control to protect a user".

-----

masterzora 579 days ago | link

That's an excellent point. Pandora should just publish their user/pass database and it will the user's own fault if they've reused their password ever.

But, seriously, whether they should be or not the fact is Pandora is hosting sensitive information and they need to act like it. They shouldn't need to lock it down like Fort Knox, sure, but password hashing is considered a bare minimum these days.

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: