this post was submitted on 23 Sep 2023
874 points (97.8% liked)

[–] Mothra@mander.xyz 10 points 1 year ago (3 children)

Why does this happen though? I always wondered why is it that a platform recognises your old password only when you are trying to change it

[–] tillary@sh.itjust.works 5 points 1 year ago* (last edited 1 year ago) (1 children)

If there were a data breach where a hacker could figure out the encryption algorithm, you don't want users to reuse an older password because those older passwords could've already been cracked.

By the way, this is why you should also never use the same password for every site. If one of your passwords is leaked and linked to a similar username or email, everything is vulnerable. I've had this happen before (the Target breach). After that I started using SSO exclusively, with a random 16 char password manager if SSO isn't an option (crossing my fingers that Bitwarden doesn't get hacked like LastPass)

[–] Mothra@mander.xyz 4 points 1 year ago (1 children)

I understand when you are prompted to change, but not when you aren't. As I mentioned in another comment I remember Epic basically trolling me into resetting my password almost daily at some point

[–] tillary@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago)

There could be many reasons they don't prompt you to change: they meant to send an email but your notification preferences disallowed it, they sent an email and you missed it, they wanted to keep it quiet, they forgot to add the message and UX flow to change password, or they're incompetent and didn't know they needed to do that.

The Epic thing I've never seen before but that's definitely incompetence and/or a very weird bug that just slipped past them.

[–] TankieTanuki@hexbear.net 2 points 1 year ago* (last edited 1 year ago)

Microscopic trolls inside the internet tubes. I think that's the technical term.

[–] BirdyBoogleBop@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Because it runs the hash again on the new password against the old one, if it matches the old one you are told to change it as you used the old password again.
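
The check described in the comment above, as an added example that is not part of the thread: each stored hash has its own salt, so the new password is re-hashed with every remembered record's salt and compared, and old plaintexts are never kept. The names (`StoredHash`, `Account`, `depth`), PBKDF2-SHA256 and the work factor are assumptions for illustration, not any particular platform's implementation.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


@dataclass(frozen=True)
class StoredHash:
    salt: bytes
    iterations: int
    digest: bytes


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> StoredHash:
    # A fresh random salt per record means equal passwords give different digests.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return StoredHash(salt, iterations, digest)


def matches(candidate: str, stored: StoredHash) -> bool:
    # Re-run the hash with the record's own salt and cost; compare in constant time.
    redo = hash_password(candidate, stored.salt, stored.iterations)
    return hmac.compare_digest(redo.digest, stored.digest)


@dataclass
class Account:
    current: StoredHash
    history: List[StoredHash] = field(default_factory=list)  # newest first
    depth: int = 5  # assumed policy: current password plus 4 previous ones

    def login(self, password: str) -> bool:
        return matches(password, self.current)

    def change_password(self, new: str, iterations: int = ITERATIONS) -> bool:
        # Check every remembered hash; no plaintext of old passwords is needed.
        reused = [matches(new, old) for old in [self.current, *self.history]]
        if any(reused):
            return False  # rejected: same as the current or a remembered password
        self.history = [self.current, *self.history][: self.depth - 1]
        self.current = hash_password(new, iterations=iterations)
        return True
```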

[–] Mothra@mander.xyz 4 points 1 year ago

Yes yes but I don't mean when I'm told to change one. I mean when I'm trying to log in as usual, password doesn't work, so I change it. Just to test if the password I was using was wrong, that's what I use first, and it's rejected.

I remember Epic would do this on a DAILY basis at some point last year. It was so irritating. "Ah yes the brand new password from yesterday that worked yesterday but that we didn't recognise on the login page today? Well we do recognise it here on the reset, joke's on you!"