I doubt they’d do that. That’d just allow anyone to claim to be the rightful owner and get an easy way to brute force.
Might as well send me the hash of the password and let me locally brute force it.
Hmm… maybe I should ask. I doubt they do it tho.
Asthmatic_Goose@lemm.ee 1 year ago
“Hello, Bitwarden? I’d like to hack one of your customer’s accounts that I do not know the password to, allowing me to access all of the passwords you are storing for them. I mean me. Because it’s my account, I promise. Pretty please?”
xigoi@lemmy.sdf.org 1 year ago
But they do know most of the password…
SolOrion@sh.itjust.works 1 year ago
Doesn’t matter. Passwords aren’t stored as plain text in any scenario where it is even remotely important to security. It’s entirely too easy to access otherwise.
They have absolutely no way to confirm your password us accurate unless it’s accurate.
xigoi@lemmy.sdf.org 1 year ago
They do: since it’s only one word missing, they can easily brute-force it themselves.