Super impressive dedication. Hope this guy figures it out eventually and blogs about it again. This was super interesting and pretty funny.
This is actually really interesting. Kakao doesn't work on Linux, so if this becomes stable I could see myself using it as a way to chat on Kakao.
What’s wrong with the plaintext login if it’s HTTPS? What’s the standard for that now?
Password managers generally send a hash, but for almost all services I would say plain text password is standard. I would definitely go with something like Firebase or Auth0 vs rolling your own auth in most normal situations. The poster is explicit about not knowing anything about security though, so all good.
This makes sense; I guess encrypting it on top of TLS doesn’t meaningfully improve security. My concern is that you’re trusting the server to immediately salt and hash upon receipt (especially before storing), but if the client at least obfuscated the password, then in the worst case of a leak you have an email and an obfuscated password that can be used to log in to the pwned service but nothing else. My specific threat model depends on the average person not adopting password manager hygiene and 2FA across their services, which is fairly common amongst my friends personally.
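The scheme the comment above describes, as an added example that is not part of the thread: the client derives a service-bound value from the password, and the server still salts and hashes whatever it receives. The function names, the two service names, the sample credentials and the choice of PBKDF2 with 100,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration


def client_prehash(service: str, email: str, password: str) -> bytes:
    """Client side: bind the password to one service and one account."""
    salt = f"{service}\x00{email.lower()}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def server_store(received: bytes) -> tuple[bytes, bytes]:
    """Server side: the received value is a password equivalent for this
    service, so it is salted and hashed again before it is stored."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", received, salt, ITERATIONS)


def server_verify(received: bytes, record: tuple[bytes, bytes]) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", received, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    # Constructed sample values: one user reusing one password on two services.
    email, password = "alice@example.com", "correct horse battery"
    sent_to_a = client_prehash("service-a.example", email, password)
    sent_to_b = client_prehash("service-b.example", email, password)
    record_a = server_store(sent_to_a)
    record_b = server_store(sent_to_b)
    return {
        # A value leaked from service A still logs in to service A ...
        "leak_from_a_works_on_a": server_verify(sent_to_a, record_a),
        # ... but is useless against service B, unlike a leaked plaintext.
        "leak_from_a_works_on_b": server_verify(sent_to_a, record_b),
        "normal_login_on_b": server_verify(sent_to_b, record_b),
        "stored_differs_from_sent": record_a[1] != sent_to_a,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```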
Been considering writing an MS Teams bridge for Beeper, given that there isn't one and I've previously written a small IRC <-> MS Teams bridge. I wonder if anyone other than myself would be interested...
I personally (thankfully) would not be, because I don't use Teams at work or anywhere, but I am certain there are people that would be.
wow, what a cool project!