Quote:
Originally Posted by signupdamnit
Worse yet, if the company is incompetent, there is the risk that they store past passwords without hashes or encryption, so if a hacker gets the database they not only get your current password but all your past stored passwords too. They then can use these at all your other online accounts. More than likely Paxum uses hashes or encryption (if not, the owners should go to jail), but even then there is still a risk of compromise depending on the implementation.
And judging by that screenshot it says "cannot use any previous used passwords" so unless they store that data for referencing every time they require a password change, you're essentially just giving the hacker more stuff to use against you if they do get the database... Thus making the password change requirement WORSE.
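
An added illustration, not part of the thread and not Paxum's implementation: a Python sketch of how a "no previously used passwords" rule can be enforced while keeping only salted scrypt hashes, so the stored history never contains the passwords themselves. The class name, history depth and scrypt parameters are assumptions, and the sample passwords in use are constructed.

```python
import hashlib
import hmac
import os
from collections import deque

# Assumed values for this sketch; tune the scrypt cost for real hardware.
HISTORY_DEPTH = 5
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation; the password itself is never stored."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


class PasswordHistory:
    """Holds (salt, hash) pairs for the current and most recent passwords."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        # Bounded history: the oldest entry is dropped once depth is reached.
        self._entries = deque(maxlen=depth)

    def was_used(self, candidate: str) -> bool:
        # Re-derive the candidate under every stored salt and compare in
        # constant time; no early exit, so timing does not reveal which
        # entry matched.
        hit = False
        for salt, digest in self._entries:
            if hmac.compare_digest(_derive(candidate, salt), digest):
                hit = True
        return hit

    def set_password(self, new_password: str) -> bool:
        """Store the new password's hash; refuse (return False) on reuse."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)  # fresh salt per entry
        self._entries.append((salt, _derive(new_password, salt)))
        return True

    def dump(self):
        """What someone holding the stored table would see, as hex strings."""
        return [(s.hex(), d.hex()) for s, d in self._entries]
```

Even in this form every retained entry is one more hash available for offline guessing if the table leaks, which is why the history is bounded and the derivation is deliberately slow.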