Hacker News new | comments | show | ask | jobs | submit login

Sorry for being ignorant, but why is providing the passwords they guess/automate a security issue?



For one, because if someone does find a hole that gives them access to Github data, they'll have all password attempts, which would include typos of the real password. Which is a terrible, terrible thing to store in a hard drive (see Adobe)


For instance (just a quick idea): because if you make a mistake and enter your gmail password instead of your github password, now your gmail password is stored in clear text in their database, opening another can of worms etc.




Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: