Servers should not see passwords. Ever. Period. > Instagram accidentally reveals plaintext passwords in URLs https://nakedsecurity.sophos.com/2018/11/20/instagram-accidentally-reveals-plaintext-passwords-in-urls/ …
Replying to @jedisct1
Why is no "hash(pwd) computed, login + hash sent by the client, hash verified by the server" technique widespread? Too complex? Has weakness?
Replying to @chtitux
Or even better: https://00f.net/2018/10/18/on-user-authentication/ …
11:01 AM - 22 Nov 2018