Colin Atkins


310 Experience
3 Lessons Completed
0 Questions Solved


Posted in Strong Passwords with HaveIBeenPwned Discussion

Dear Chris,

Why would one send their users passwords over an relatively insecure HTTPS connection to a third party API? I like increased security but this makes no sense. We don't know who controls the API and if they log the sent passwords.

Am I missing something? Even if its hashed, it doesn't worth the risk.
If the password library was downloaded it would be good. Otherwise not.

Have you thought about that Chris?


logo Created with Sketch.

Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

© 2021 GoRails, LLC. All rights reserved.