Hacker News new | comments | show | ask | jobs | submit login

Sorry for being ignorant, but why is providing the passwords they guess/automate a security issue?



For one, because if someone does find a hole that gives them access to Github data, they'll have all password attempts, which would include typos of the real password. Which is a terrible, terrible thing to store in a hard drive (see Adobe)


For instance (just a quick idea): because if you make a mistake and enter your gmail password instead of your github password, now your gmail password is stored in clear text in their database, opening another can of worms etc.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: