I'm coming round to the view that services should avoid implementing their own username and password system. It's easy to screw up (cf crypto) such that a DB compromise leaks users' passwords for other sites.
It's also more convenient for users, who don't need a pw manager.
miniblog.
Related Posts
Using spaced repetition apps with 1Password to help you memorise passwords without storing them in plaintext: https://boinkor.net/2018/11/memorizing-passwords-with-anki-1password/
Cute idea, although ideally a password manager minimises the memorisation necessary. It's a nice example of composing apps though.
There are periodic dumps of usernames and passwords acquired maliciously, forcing people to change passwords.
Presumably it's only a matter of time before we start seeing similar dumps of wi-fi passwords?
Inferring passwords typed on phones based on how hands block WiFi signals: https://fermatslibrary.com/s/when-csi-meets-public-wifi-inferring-your-mobile-phone-password-via-wifi-signals (incredible!)