Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I am not sure I agree. Your way will leave all the non active users exposed in the case of a leak. They may not be active on your website but are likely active on another website using the same password.


As I said, that's an option among others, it has drawbacks.

For a website like Yahoo with billions of abandoned accounts, that's a serious drawback ^^




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: