But thats really little gain, with basically everyone knowing how bad it is to use the same password on different services, and it feels like it would not really be something the client dev could be blamed for.
Am Do., 24. Jan. 2019 um 19:33 Uhr schrieb Jonas Schäfer < [email protected]>: > On Donnerstag, 24. Januar 2019 19:07:09 CET Philipp Hörist wrote: > > Hm yes you are right, never thought that through as it seems. > > > > But does it really help not saving the pass on the client, what do i save > > instead? the challenge i send? if this is aquired by an attacker he can > > still access my account. > > But not any other account where you used the same password, as the salt is > (hopefully) unique. > > kind regards, > Jonas_______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: [email protected] > _______________________________________________ >
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
