You are reading a single comment by @Velocio and its replies.
Click here to read the full conversation.
-
We don't store passwords.
Passwords get compromised.
Passwords make you hack target.
Passwords then appear on https://haveibeenpwned.com/
Just look at this page https://haveibeenpwned.com/PwnedWebsites and search for "vbulletin" or "forum". Most forum software is hacked at some point, we never have, but I don't want to contribute to that page.
The safest thing I can do:
- Not store a password, and never ask for one.
That's it. Which means the best thing I can do is:
- Ask someone else (who has a 24/7 security team and you trust) to verify your email and sign you in. i.e. Google, and Microsoft.
- Send you an email knowing that only you should have access to that, and let you login based on something in the email.
Because both of those are inconvenient, one you've signed in I'll keep you signed in on that device for 1 year.
I cannot lose your password if I never have it. So we don't use passwords any more, and life goes on.
- Not store a password, and never ask for one.
Velocio
What's with this sending a code to my registered email. Isn't that what passwords are for?