This thread is frustrating. Everyone seems more interested in nitpicking the specifics of what OP is saying and are ignoring that a forum sends you your password (not an automatically generated one) in an email on registration.

  • JackbyDev@programming.devOP
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    3
    ·
    1 year ago

    It’s criticism directed at a service provider, not users. Service providers should assume users reuse passwords. Security is about protecting everyone.

    • schmidtster@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Than direct it at the service provider? Oh wait it got fixed a while ago.

      Also where does their liability stop? Should they also just assume everyone is compromised? Where does the users onus come into play? I guess they shouldn’t send password resets than, since they should assume that their email is compromised already….

      Yeah that’s actually a terrible idea if they must assume that they must protect everyone. Sorry can’t reset your password your email must be compromised.

      • JackbyDev@programming.devOP
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        This is slippery slope bullshit and you know it. I’m not saying providers should have to magically prevent anything. I’m only saying they shouldn’t send you your password in an email. Crazy take, I know.

        Also, with regards to it already being fixed or not, when I made this thread I hadn’t seen anything about that in the other thread. I’m more just annoyed that people want to dunk on people with supposed gotchas while acting like sending a password in an email is okay somehow.

        • schmidtster@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          1 year ago

          No it’s not slippery slope in this case, it’s what you’re suggesting and why it’s utter bullshit. But yes of course that’s the obvious defense to take there.

          You’re not only saying that, you said that they need account for everything. Two totally different things. Can’t have X and not have Y.

          Sending a password is okay in quite a few scenarios, you’re talking to broad again her. Also, maybe make sure you know the story before jumping on as well…? You’re making the issues worse not better.