I don't think we need encrypted passwords hints, perhaps obfuscation would be a better method, my computer password hint is "$1 -> thy 448o2" which seems to be vague enough for only me to be able to reasonably understand it.
The problem with this is that once we start encrypting password hints, we will need hints for our password hints for when the key is forgotten.
I know. It's just that there are certain "security professionals" who portray this as something very very sinister without actually explaining what are the vulnerabilities.
3 comments
[ 6.4 ms ] story [ 20.1 ms ] threadThe problem with this is that once we start encrypting password hints, we will need hints for our password hints for when the key is forgotten.