• tillary@sh.itjust.works
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    1 year ago

    If there were a data breach where a hacker could figure out the encryption algorithm, you don’t want users to reuse an older password because those older passwords could’ve already been cracked.

    By the way, this is why you should also never use the same password for every site. If one of your passwords is leaked and linked to a similar username or email, everything is vulnerable. I’ve had this happen before (the Target breach). After that I started using SSO exclusively, with a random 16 char password manager if SSO isn’t an option (crossing my fingers that bitwarden doesn’t get hacked like LastPass)

    • Mothra
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I understand when you are prompted to change, but not when you aren’t. As I mentioned in another comment I remember Epic basically trolling me into resetting my password almost daily at some point

      • tillary@sh.itjust.works
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        There could be many reasons they don’t prompt you to change: they meant to send an email but your notification preferences disallowed it, they sent an email and you missed it, they wanted to keep it quiet, they forgot to add the message and ux flow to change password, or they’re incompetent and didn’t know they needed to do that.

        The Epic thing I’ve never seen before but that’s definitely incompetence and/or a very weird bug that just slipped past them.