Ask HN: Is hotmail.com/outlook.com storing passwords in clear text?
When you have to reset or change your hotmail/outlook password you can not use a previous password or a variation of it. I can understand not using the exact same password and checking it against a previously stored hash, but how can they know a various of my pass without storing it in clear text? Example if I user QWERTASDFG as my pass they will not allow QWERTASDFG!@#$% as my reset pass? The hash for these 2 passes would be completely different so how do they pull this off.
5 comments
[ 8.6 ms ] story [ 29.8 ms ] threadThat is a little different. Its one thing to check against a list of restricted words common to everyone and a list of previous passwords used by a single user.