[Chugalug] Why you don't store passwords, explained

Mike Harrison cluon at geeklabs.com
Wed Nov 6 15:02:12 UTC 2013


> And correct me if I'm wrong but if I (Sagan forbid) lose the password associated with a very expensive product
> key, there had better be a recovery route.

Not recovery, reset.

Then if I socially engineer a password reset, and you try to login to your 
account, you should be alarmed that your password no longer works.




More information about the Chugalug mailing list