← Back to context Comment by TZubiri 6 months ago "Your password is too similar to your previous password"Hmm, how would you know that. 4 comments TZubiri Reply Uvix 6 months ago Don't you generally have to enter the current password to change it to a new one? TZubiri 6 months ago Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.That said, it means that you can skip this check by hacking around the front end check haha tharkun__ 6 months ago By making it less secure. Like those auth schemes back in the day that sounded great in theory until you figured out that in order to implement them the provider had to store them un-hashed. No thanks. throwaway843 6 months ago Hash each character.
Uvix 6 months ago Don't you generally have to enter the current password to change it to a new one? TZubiri 6 months ago Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.That said, it means that you can skip this check by hacking around the front end check haha
TZubiri 6 months ago Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.That said, it means that you can skip this check by hacking around the front end check haha
tharkun__ 6 months ago By making it less secure. Like those auth schemes back in the day that sounded great in theory until you figured out that in order to implement them the provider had to store them un-hashed. No thanks.
Don't you generally have to enter the current password to change it to a new one?
Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.
That said, it means that you can skip this check by hacking around the front end check haha
By making it less secure. Like those auth schemes back in the day that sounded great in theory until you figured out that in order to implement them the provider had to store them un-hashed. No thanks.
Hash each character.