Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 May 2018 19:16:13 -0400
From: "Denny O'Breham" <>
Subject: Re: Keeping old passwords

 I don't think they should provide protection to me (but I'm
questioning the goals of Google in that case), quite the opposite.  I
hate when a website owner thinks for me and assume all sort of things
(like telling me what characters should be in my password).

If someone chooses a 4-character password, you can tell him his
password is not safe.  But if he wants to keep it, let him.  If you
suspect suspicious activities, you can tell the user.  But don't lock
him out of his account and ask him to jump through all sort of hoops
to regain access.

On 5/16/18, <> wrote:
>> So what protection do I gain as a user?  Once the 'hacker' is logged
>> on, you're pretty much done, no?
> why do you assume that they had to provide it to you???
> they do not sell "security" to you,
> they are PROSPERING on selling you security theatre.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.