No, that doesn't make sense at all.
https://twitter.com/ppentestlabs/status/1202906268991664128
Their reasoning for the design choice - "support forgot password use case" - is why I doubt they really thought it through...
They should have just had a regenerate password button, it's easier to implement and handles the revocation case as well. That said, is it really that bad? There's room for improvement, but this protects password reusers better than a typical system, no?

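As an added example of the alternative the reply above argues for (this is not code from any participant in the thread or from the vendor being discussed): a forgot-password flow that never needs the plaintext password, because only a salted scrypt hash is stored and recovery goes through a short-lived, single-use reset token of which only a SHA-256 digest is kept server-side. The in-memory USERS and RESET_TOKENS dicts, the 15-minute TTL and the scrypt parameters are assumptions for illustration, not taken from the thread.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory stores standing in for the application's user and
# reset-token tables (assumption for this example; a real system uses a database).
USERS = {}         # email -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}  # sha256(token) hex -> {"email": str, "expires": float, "used": bool}

RESET_TTL_SECONDS = 15 * 60  # illustrative lifetime for a reset link


def _hash_password(password, salt):
    # Memory-hard scrypt; these parameters are illustrative, not a sizing recommendation.
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def register(email, password):
    # A fresh salt per (re)registration; the plaintext is never written anywhere.
    salt = os.urandom(16)
    USERS[email] = {"salt": salt, "hash": _hash_password(password, salt)}


def verify_login(email, password):
    rec = USERS.get(email)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def request_reset(email, now=None):
    """Return the one-time token to be emailed, or None if the account does not exist.

    Only the SHA-256 digest of the token is stored, so a leaked token table
    does not hand an attacker usable reset links.
    """
    if email not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = {"email": email, "expires": now + RESET_TTL_SECONDS, "used": False}
    return token


def complete_reset(token, new_password, now=None):
    """Consume a reset token and set a new password; False if unknown, used or expired."""
    now = time.time() if now is None else now
    rec = RESET_TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    if rec is None or rec["used"] or now > rec["expires"]:
        return False
    # Burn every outstanding token for this account, not just the one presented.
    for other in RESET_TOKENS.values():
        if other["email"] == rec["email"]:
            other["used"] = True
    # New salt and hash: the old password is revoked as a side effect of the reset.
    register(rec["email"], new_password)
    return True
```

Completing a reset rewrites the salt and hash and burns every outstanding token for the account, which is the revocation property the reply mentions; a system that mails back the existing password has nothing to revoke and must keep a reversible copy of the secret to do so.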
I'm not saying they didn't think through their _design_ - just that they don't seem to have thought through how their explanation and "storing passwords in plaintext to send you if you forget" system would catch them a ton of flak still.
But that's the community's problem, not theirs. Remember last year when twitter got all up in arms about apt-get not using https even though it does native checksum matching against the repository? Too quick to speak on things we don't have the full understanding of.
