HN - Insecure Password Practices

2 points by 16s ↗ HN
HN passwords are sent over plain-text HTTP posts during logons and resets. Also, simple passwords such as '1234' are acceptable. As hackers and implementers who should have an interest in security isn't this a bad example to set... especially with all the recent password compromises and the endemic re-use of passwords?

Some wireshark pics here: http://imgur.com/a/69dcm

3 comments

[ 4.8 ms ] story [ 15.6 ms ] thread
Strong passwords and https are only needed when:

1) the data being accessed is important. 2) the user reuses credentials.

hopefully no one here is doing #2. and i certainly don't consider #1 to be true for me. if someone were to post as me... we'll that sucks but it isn't the end of the world.

If they posted highly objectionable/obscene content as you, would that not harm your reputation? It's at least a possibility. Reputation is everything.