2 upvotes, 6 direct replies (showing 6)
View submission: How to keep your Reddit account safe
Can you explain how you do this without having a password in plaintext?
Comment by [deleted] at 06/05/2019 at 17:57 UTC
8 upvotes, 2 direct replies
[deleted]
Comment by MelchorTrashman at 06/05/2019 at 17:56 UTC
2 upvotes, 0 direct replies
Plug all of the compromised username/password combos into the website, and if one works shut down the associated account. There is probably an easier and faster way to do this behind the scenes, but I'm guessing that's the main idea.
Comment by gdq0 at 06/05/2019 at 17:54 UTC
2 upvotes, 1 direct replies
Passwords are salted and hashed, then stored. If you salt and hash all the passwords in 3rd party breach sets, you can compare that to the stored values.
https://askleo.com/websites-store-passwords-securely/
Comment by kWV0XhdO at 06/05/2019 at 17:43 UTC
2 upvotes, 2 direct replies
Sites that don't store the plaintext still have access to it when the password is set, and when the user returns to authenticate. It can be checked at that time.
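The two checks described in the comments above (the offline comparison of breach sets against stored salted hashes, and the check at login while the plaintext is available), as an added example that is not part of the original thread and not Reddit's own code. It assumes PBKDF2-HMAC-SHA256 with a random per-user salt; the user table, breach pairs and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed KDF cost; a real site tunes its own

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted slow hash, as kept in the user table instead of the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """Signup: store a random per-user salt and the resulting hash only."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def accounts_exposed_by_breach(user_table: dict, breach_pairs: list) -> list:
    """Offline check: because salts differ per user, each leaked password is
    re-hashed with the salt of the account it was leaked for, then compared."""
    exposed = []
    for username, leaked_password in breach_pairs:
        record = user_table.get(username)
        if record is None:
            continue  # leaked username has no account on this site
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            exposed.append(username)
    return exposed

def login(user_table: dict, breached_passwords: set, username: str, password: str) -> str:
    """Login-time check: the submitted plaintext exists only for this request."""
    record = user_table.get(username)
    if record is None:
        return "denied"
    candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return "denied"
    # Correct password that also appears in a breach set: require a reset.
    return "force_reset" if password in breached_passwords else "ok"

def demo():
    """Constructed sample data: two accounts and a three-entry breach set."""
    users = {"alice": make_record("correct horse"), "bob": make_record("hunter2")}
    breach = [("bob", "hunter2"), ("alice", "letmein"), ("carol", "qwerty")]
    return users, breach
```

Only `bob` is flagged by the offline pass, since the leaked password for `alice` does not hash to her stored value under her salt.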
Comment by GoneInSixtyFrames at 06/05/2019 at 19:19 UTC
1 upvotes, 1 direct replies
Seems like some youtuber could make a video explaining the process and rake in that sweet ads money. You'll hear things like HASH and Salt.
Comment by sznowicki at 06/05/2019 at 21:14 UTC
1 upvotes, 0 direct replies
Have I Been Pwned provides this kind of service. But it’s only doable during the login process, when the plaintext password is still in memory.