Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If it's a plaintext password, the minute it hits any human eyes, it is IMO compromised and the user should be required to change it. Employee, Interviewee, Hacker - doesn't matter.



I'd go a step further. IMO the second it hits a hard drive it's compromised so just the act of having that in the log would count.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: