>And if you gave the option to users of being able to retrieve their old pas... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		run4yourlives on Aug 29, 2007 \| parent \| context \| favorite \| on: Facebook Rival ConnectU.com's SQL injection vulner... >And if you gave the option to users of being able to retrieve their old password or have a new one generated, most would choose the former Do you have any evidence at all to support that?

asdflkj on Aug 29, 2007 [–]

No, i don't have any evidence, other than anecdotal. It's what I would prefer, because changing the password from random to something that I might remember is an extra step, and an unnecessary one unless security really matters (e.g. money is involved). I took it as given that people prefer less work over more work.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact