Hacker News new | past | comments | ask | show | jobs | submit login

> This only proves they aren't encrypting passwords on the fly. And have, and do, the ability to read your password.

Not at all. They could simply be checking against rules before hashing the password. Pretty much any passworded system already does this in order to enforce minimum length rules.




Password length rules are enforced at form submission time, before the account is opened - whereas the twitter post says the account was opened, then permaclosed.

If that's their password length checker, they've got the maddest password length check design I've ever heard of.


That's not what the Twitter post says, at all.

> Recently, I decided to change the password.

and in a subsequent tweet:

> Within 45 SECONDS of me changing the password, my WeChat account was permanently closed.

Nearly instant, likely automated based on that timeline, and immediately after a "change password" form submission.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: