Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"In contrast, when a system has end-to-end encryption, losing a password is catastrophic; it means losing all data in the user’s account."

Um... what? Can't the user just reset his/her password, instead of a website emailing him/her the old password?...



You can't 'reset the password' on gigabytes of already encrypted data. Lose the key, you've effectively lost the data.


Er, not if it's the password to the private key.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: