Thread replies: 27
Thread images: 3
Thread images: 3
File: IMG-20160810-WA0000.jpg (396KB, 1200x1600px) Image search:
[Google]
396KB, 1200x1600px
>password is too similar to one of your previous passwords
????????
>>
>Turkish
Leave this place and never return
>>
It means your password is too similar to a previous password
>>
>>57148259
why do developers do this? if your database is ever leaked, it only increases the amount of different accounts that are hacked because people tend to use the same few passwords across all their accounts
>>
>>57148259
To, a ?
>>
>>57148297
It's not Turkish, it's Croatian. But I agree with you on Facebook.
>>
>>57148297
>>57148344
not m screenshot, faggots
>>57148317
but how would they know considering passwords shpuls be stored as hash?
>>
>>57148369
Obviously the hash is too similar retard.
>>
File: 1417459364992.jpg (24KB, 680x445px)
24KB, 680x445px
>>57148402
>>
This shit is so fucking frustrated, because what happens is that when you need to remember 10+ passwords and rotate them every month, you start to use extremely simple and/or repeating passwords, e.g. password1, next month password2, password 3 etc.
>>
>>57148319
Because webdevs are retarded.
>>
>>57148449
Use a password manager like lastpass or keep a notbook in your pocket or a usb key around your neck or a file on your phone
>>
>>57148412
>"Bait in 1080p"
>barely VGA resolution image
>hook has no bait on it
>hook is not even a fish hook and is tied to rope like an anchor
>fish is not a type you catch using bait
>>57148402
I can think of a potential way you could store hashes in a way that could detect "close" passwords, but it would make it far easier to reverse anyway. They probably just encrypt the passwords in the database anyway. So it's shit.
Actually, thinking about it: They could have the current password only salted and hashed. Then when you change your password, you always enter your current one. Validate that against the hash, then change the password to the new one and store the old one. This way at least you're only storing OLD passwords and not current ones. Still sucks though since hackers can try these old passwords on other services because users reuse passwords.
>>57148449
The issue is if they can tell how close your password is to an old one, they are storing the old ones. Which means that someone who hacks the server will get all users' passwords, as well as password histories. This will let them get into plenty of users' other accounts too since most people reuse passwords across services.
If they salted and hashed passwords properly, they wouldn't be able to tell that you were using password1 then password2 since those have very different hashes. Best they could do is compare your new password to your old one that you just entered for verification -- not the one 5 passwords ago. They could remember the hashes and prevent reusing the exact same password, but not similar ones.
>>
>>57148259
Law of Exclamation, retard.
>>
>>57148259
Bio si i osto posran...
Show me where it occurs after submitting a new password... it's always client side validation while the old password and new password are unhashed on your side. Fuck off wannabe security expert.
>>
>>57149095
That would be valid if it was checking against your previous password. But this is complaining about similarity to a password from before that. That means it's either storing your old passwords (and therefore your current one) on their server, or your browser. Both of those are terrible ideas.
>>
>>57149095
>use password1
>password1 expires after a month or so
>need to enter a new password
>enter password2 which is similar
>"your password is too similar to your previous password"
the way you explain it makes no sense
>>
When you set your password they generate hashes for similar passwords and store those as well for future comparison.
>>
>>57149471
This actually solid explaination
>>
>>57149471
You would need to store thousands of hashes to catch all the likely similar passwords.
>>
>>57149095
>Show me where it occurs after submitting a new password... it's always client side validation while the old password and new password are unhashed on your side.
On Microsoft accounts.
It doesn't have to be similar to the current password. Any previous password you have used will be checked against, which can't be done client side obviously.
>>
>>57148259
>they store passwords in plaintext
nope.jpg
>>
>>57148721
> Takes the bait that happens to be a bait picture itself
Baitception.
>>
>>57148721
Maybe they could use some rules and see if hash(rule(password)) == old hash
Not 100%, but a step up. For bonus points check them against DB dumps too.
>>
>>57149531
You really don't think Facebook has that capacity? Storing 1000 hashes would only take ~64 kilobytes, so I wouldn't be surprised if they generate even more than that.
In any case, I can verify that this is actually what they do.
>>
>>57149582
>Literally doesn't state that anywhere in the post
>>
File: 1469843979355.png (231KB, 304x366px) Image search:
[Google]
231KB, 304x366px
>>57148259
That's a red flag to not use any passwords you don't want leaked since they are either stored plaintext or the plaintext is encrypted on their side, but the key is likely on their server.
Thread posts: 27
Thread images: 3
Thread images: 3