• Meganium97@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    edit-2
    1 year ago

    | Creates account with service provider

    | Surprised when megically, service provider has password

    I don’t get it.

    • bbbhltz@beehaw.orgOP
      link
      fedilink
      arrow-up
      17
      ·
      1 year ago

      Using the Outlook client with a none-Outlook email shares the data with Microsoft. So, a bit surprising.

    • ѕєχυαℓ ρσℓутσρє@lemmy.sdf.org
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      Service providers aren’t actually supposed to know your password. Passwords should always be sent after hashing on client side. Only the hashes are matched on server side.

      Edit: Not accurate, read replies.

      • voxel@sopuli.xyz
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        nope hashing is usually done server-side.
        also counter-intuitively server-side hashing is considered more secure than client side (in case of client side hashing hash becomes the password)

        • I’m not an expert in this, and I did look around after reading your comment. Looks like the password is usually sent as-is, then hashed server side, and matched against hashes in the database. So, the hashes are what’s stored in their database. So, ideally, the server shouldn’t know your password. Also, it can be hashed from client side too, but that becomes redundant since everything is tls encrypted anyway.