Add-on: same password, same identity. - eviltoast
  • kamen@lemmy.world
    link
    fedilink
    arrow-up
    37
    ·
    1 year ago

    Imagine a site telling you “Sorry, you can’t use asdf123 as your password: you’ve already used it on that other site”.

    • A_Very_Big_Fan@lemmy.world
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      That’s not as far fetched as it sounds. Any website worth its salt will store your password as a hash, so if they started sharing the hashes with each other they could prevent you from reusing passwords without changing much security-wise

    • FakinUpCountryDegen@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      It would be better if you had a local tool telling you that - one that you control and only exists on your personal devices, kind of like secure messaging platforms such as Signal.

      Another great later would be for all compromised passwords found in breaches to never be usable anywhere ever again, thus helping to thwart the most common form of breach we see today: credential stuffing.