• PM_Your_Nudes_Please@lemmy.world
    link
    fedilink
    arrow-up
    29
    ·
    edit-2
    1 year ago

    If they’re able to determine that you’re using a similar password, it’s because they’re not hashing your passwords and are storing them as plaintext. You should run far far away from any site or service that is able to enforce similarity rules. Because when you properly hash a password, even a minor difference such as upper/lowercase will produce a wildly different result.

    • bloopernova@programming.dev
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      I’ve been wondering about that. I think they get around it by using the “enter your current password” prompt, so they potentially have it in cleartext for the duration of the session.