but they don’t want to come out and tell you about it.
It also doesn’t require a code change to continue blaming the user when you invalidate all current passwords.
It’s a couple database queries to move all current passwords to old passwords, and change current (hashed) password for everyone to “deadbeef”. Nobody can guess a value that adds to their salt and hashes to “deadbeef”, and you get this behavior.
It also doesn’t require a code change to continue blaming the user when you invalidate all current passwords.
It’s a couple database queries to move all current passwords to old passwords, and change current (hashed) password for everyone to “deadbeef”. Nobody can guess a value that adds to their salt and hashes to “deadbeef”, and you get this behavior.