The more sites that have your password, the more of a chance there is that one of them stores it poorly, and it is widely known that people tend to reuse passwords and usernames. This is also why it is good practice not to reuse passwords, or at least not to reuse them between important sites and untrustworthy or casual sites.
For example, if a site stores your password as an unsalted MD5 hash, it's quite possible that your password can be recovered in a matter of milliseconds. There are many hashes, and fewer cryptographically secure hashes, and unfortunately it is common practice for ignorant or lazy programmers to use inappropriate hashes to protect passwords. You can, however, guess repeatedly until you get it right, if you know what you are guessing against.įor this reason, even though obtaining a hash of your password shouldn't (if the site is doing their security right) grant an attacker access to your account, there's a chance that they can eventually manage anyway, depending on how much they want it (and how strong or weak your password is). That is, you can't take '$2a$04$oz1NcysZk2CzLQs4BTLA5uPIIx.gNJN09IxuVJo8iGoXYP3KsctR.' And directly turn it into 'password'. The important part of this is that you can't go the other way. I am skipping a number of important security principles here because they don't matter for the purposes of this post, but know that there's more to it than just this. For example, the password 'password' might be turned into something like this: '$2a$04$oz1NcysZk2CzLQs4BTLA5uPIIx.gNJN09IxuVJo8iGoXYP3KsctR.' It's basically a one-way scramble of your password into a fingerprint that is sufficiently unique to be used for authentication. The way this is accomplished is with something called a cryptographic hash. The reason most sites have a mechanism to set a new password instead of tell you your old one is that they simply cannot tell you your old one in the first place. Commonly, services that require authentication will not store your password in a readable form, this is bad security practice and you should not trust any website or service that can 'tell you' your password with an important password. It is a secret that only you should know, and therefore only you can provide. If you using it to generate secure codes, then you are catastrophically mistaken as to the reason it exists. A password authenticates you to some system. This mostly applies to people who want to identify themselves on Nullpomino netplay, but applies to the concept of tripcodes in general, including on image boards. Whenever I see someone referring to a tripcode as a password, I try to put forth this little disclaimer, but I figured it wouldn't hurt to have a post to better explain what I mean and for people to refer to. Kertas Kerja Rancangan Perniagaan Butik Pengantin.