• kamen
    link
    fedilink
    361 year ago

    Imagine a site telling you “Sorry, you can’t use asdf123 as your password: you’ve already used it on that other site”.

    • @A_Very_Big_Fan@lemmy.world
      link
      fedilink
      71 year ago

      That’s not as far fetched as it sounds. Any website worth its salt will store your password as a hash, so if they started sharing the hashes with each other they could prevent you from reusing passwords without changing much security-wise

      • kamen
        link
        fedilink
        English
        101 year ago

        Any website worth its salt will salt the hash as well…

    • It would be better if you had a local tool telling you that - one that you control and only exists on your personal devices, kind of like secure messaging platforms such as Signal.

      Another great later would be for all compromised passwords found in breaches to never be usable anywhere ever again, thus helping to thwart the most common form of breach we see today: credential stuffing.