Comment by TZubiri 3 days ago "Your password is too similar to your previous password"Hmm, how would you know that. 4 comments TZubiri Reply Uvix 2 days ago Don't you generally have to enter the current password to change it to a new one? TZubiri 2 days ago Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.That said, it means that you can skip this check by hacking around the front end check haha tharkun__ 3 days ago By making it less secure. Like those auth schemes back in the day that sounded great in theory until you figured out that in order to implement them the provider had to store them un-hashed. No thanks. throwaway843 2 days ago Hash each character.
Uvix 2 days ago Don't you generally have to enter the current password to change it to a new one? TZubiri 2 days ago Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.That said, it means that you can skip this check by hacking around the front end check haha
TZubiri 2 days ago Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.That said, it means that you can skip this check by hacking around the front end check haha
tharkun__ 3 days ago By making it less secure. Like those auth schemes back in the day that sounded great in theory until you figured out that in order to implement them the provider had to store them un-hashed. No thanks.
Don't you generally have to enter the current password to change it to a new one?
Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.
That said, it means that you can skip this check by hacking around the front end check haha
By making it less secure. Like those auth schemes back in the day that sounded great in theory until you figured out that in order to implement them the provider had to store them un-hashed. No thanks.
Hash each character.