Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is compared to the very evil password strength checker, which gives an ambiguous "password not strong enough" error until it finds a match with another service.


Have any bad actors even been implicated in this kind of abuse?? It'd be interesting to try to automate honeypots to screen for this -- for each suspect site, unique credentials which are also reused on honeypot accounts on other major common target sites.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: