Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is dangerously insecure.

Let's say badsite.com stores your password in plaintext and their database is compromised (or they're malicious actors in the first place who created the site with the purpose of gathering login credentials).

Now, an attacker who sees this will try go to gmail.com and enter the password gmail.com!@#t3st1ng (with your email address), or bankofamerica.com and try bankofamerica.com!@#t3st1ng.



Yeah, you're right. Maybe a more secure way would be make reddit.com unreadable. For example:

mctddr (backwards without dot and vowels)

r5d9t (change vowel with the position number in the alphabet and without repeated letters)

There are several ways to do it.


However clever you get with your mental encoding, it can be decoded by anyone at least equally clever.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: