That's unnecessarily complex. Just ask for the old password when doing an expira... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

Osiris on May 19, 2017 | parent | context | favorite | on: Let them paste passwords

That's unnecessarily complex. Just ask for the old password when doing an expiration reset. Validate the old one then compare that against the proposed new one.

joshvm on May 19, 2017 | [–]

Actually, that's a very good point - you did indeed have to submit the old and new passwords. I want to say that they checked against older passwords too, but I might be misremembering.

gpawl on May 19, 2017 | [–]

That doesn't help. Your new password might be the same as the twice-previous password.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact