Colin Atkins

Joined March 20, 2019 9:35am

310 Experience

3 Lessons Completed

0 Questions Solved

Activity

Posted in Strong Passwords with HaveIBeenPwned Discussion

April 6, 2019 8:48am

Dear Chris,

Why would one send their users passwords over an relatively insecure HTTPS connection to a third party API? I like increased security but this makes no sense. We don't know who controls the API and if they log the sent passwords.

Am I missing something? Even if its hashed, it doesn't worth the risk.
If the password library was downloaded it would be good. Otherwise not.

Have you thought about that Chris?

Cheers

Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more.

Solutions

Rails Tutorials
Rails for Beginners course
Rails Courses
Rails SaaS Template
Deploy Ruby on Rails
Ruby on Rails Jobs

Courses

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Apps

Hatchbox.io

Jumpstart Rails SaaS Template

Other

Remote Ruby Podcast

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Colin Atkins

Activity

Posted in Strong Passwords with HaveIBeenPwned Discussion

Solutions

Support

Company

Legal