No, that doesn't make sense at all.
https://twitter.com/ppentestlabs/status/1202906268991664128 …
-
I think if they had used a salted hash and asked for a password, nobody would care, but that's literally worse than this system, right? If you're a password reuser, this system is safer. If you're not, then who cares what they do with their passwords?

-
This safeguards against "inbound reuse", yes. But outbound reuse is not in their control, right? Something like: "This new website is asking for a crazy password, and I have this sticky note for that other website already on my monitor, so let me reuse it"
-
Yeah I mean, the hubbub is definitely a mountain out of a molehill. To me it's sort of like watching someone change spark plugs by winching the whole engine out of the car for easier access. It's not _wrong_ and may even give you easier access, but it turns heads in confusion.
-
Yes, it is that bad. I have seen worse. In prod. And lost arguments to change it. Plaintext plaintext everywhere. Tens of millions per year, they did not care.
-
Minimizing functionality to reduce attack surface maybe?

