>After all, you aren't storing my password in it's raw form, so length shouldn't matter for your VARCHAR(30) database field, right?
How can Google (helpfully) tell me that I changed my password so many days ago? Am I over-thinking this? Is it possible they just save the salt and hash of all my previous passwords and when I enter a password, it checks against this list to tell when I changed my password? Just because they know what I entered is my previous password does not mean they actually keep my previous password in plain text, right? It makes sense in my head but I just wanted to ask to more knowledgeable people. Thank you.
I don't think so. Any password that's listed anywhere (like as an example in a blog post or comic) should be considered worthless. How do you know hackers haven't incorporated that into their dictionary?
6 comments
[ 2.6 ms ] story [ 24.5 ms ] threadHow can Google (helpfully) tell me that I changed my password so many days ago? Am I over-thinking this? Is it possible they just save the salt and hash of all my previous passwords and when I enter a password, it checks against this list to tell when I changed my password? Just because they know what I entered is my previous password does not mean they actually keep my previous password in plain text, right? It makes sense in my head but I just wanted to ask to more knowledgeable people. Thank you.