
No, they definitely shouldn't, for the same reason they don't store the real passwords in plain text. It would be a terrible security hole.



Sorry for being ignorant, but why is providing the passwords they guess/automate a security issue?

-----


For one, because if someone does find a hole that gives them access to GitHub data, they'll have all password attempts, which would include typos of the real password. Which is a terrible, terrible thing to store on a hard drive (see Adobe).

-----


For instance (just a quick idea): because if you make a mistake and enter your Gmail password instead of your GitHub password, now your Gmail password is stored in clear text in their database, opening another can of worms etc.

-----



