10 sats \ 6 replies \ @kepford 6 May \ on: SN release: hash emails, detail on nym hover, CLN over tor, bottom nav, and more meta
Here's an idea.
Every web site should hash not only passwords but also email addresses....
This seems like an obvious move with our daily reports of data breaches. The best way to secure data is to not have it. The second best is to hash it.
reply
I should have added the tradeoffs. Honestly, it hadn't occurred to me before reading your post...
But it seems obvious now. Many of us use junk email addresses or email aliasing services but man if this became more standardized as a practice it could do a LOT of info security of the masses.
I haven't thought through the tradeoffs but one that jumps to mind are email marketing services.
reply
The biggest downside for customers is not getting important updates/info because the site has no way of contacting you out of band.
The biggest downside for companies is the above + marketing.
I ran into this with https://gitern.com/ ... we used ssh pubkeys for login so I couldn't contact the customers! It sucked when I wanted to get feedback ... but it was also part of the appeal.
reply
reply