• arefx@lemmy.ml
    1 year ago

    Spotify won’t let you use a password you’ve used in the past at all so now I don’t even know what my password for it has evolved into and I just reset my password and type something random in every time I need to log in lmao

  • FARTYSHARTBLAST@kbin.social
    1 year ago

    Might be you got your password scrambled after a compromised account: It denies attackers the opportunity to use your compromised password.

  • Mothra@mander.xyz
    1 year ago

    Why does this happen though? I always wondered why it is that a platform recognises your old password only when you are trying to change it.

    • tillary@sh.itjust.works
      1 year ago

      If there were a data breach where a hacker could figure out the encryption algorithm, you don’t want users to reuse an older password because those older passwords could’ve already been cracked.

      By the way, this is why you should also never use the same password for every site. If one of your passwords is leaked and linked to a similar username or email, everything is vulnerable. I’ve had this happen before (the Target breach). After that I started using SSO exclusively, with a random 16 char password manager if SSO isn’t an option (crossing my fingers that Bitwarden doesn’t get hacked like LastPass).

      • Mothra@mander.xyz
        1 year ago

        I understand when you are prompted to change, but not when you aren’t. As I mentioned in another comment I remember Epic basically trolling me into resetting my password almost daily at some point
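The replies above ask how a site can recognise an old password at change time. The following is an added example, not code from the thread or from any service named in it: it keeps only salted hashes of past passwords and re-hashes the submitted plaintext under each old salt, which is only possible at the moment the user types the new password. `Account`, `HISTORY_DEPTH` and `ITERATIONS` are hypothetical names and values, and standard-library PBKDF2 stands in for whatever hash a real service uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed demo value; tune to your hardware
HISTORY_DEPTH = 5      # hypothetical policy: remember the last 5 passwords


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class Account:
    def __init__(self, password: str):
        self.history = []          # list of (salt, digest), newest last
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)      # fresh salt per stored password
        self.history.append((salt, _derive(password, salt)))
        del self.history[:-HISTORY_DEPTH]   # evict entries beyond the policy depth

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(_derive(password, salt), digest)

    def login(self, password: str) -> bool:
        # Login checks only the current (newest) entry.
        return self._matches(password, self.history[-1])

    def change_password(self, new_password: str) -> bool:
        # The server holds the plaintext only during this request, so this is
        # the one point where it can be tested against every remembered hash.
        if any(self._matches(new_password, e) for e in self.history):
            return False           # reuse of a remembered password is rejected
        self._store(new_password)
        return True
```

Because each entry has its own salt, two stored digests of the same password differ, so the server cannot spot reuse by comparing digests with each other; it has to re-derive from the submitted plaintext.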

  • majestictechie@lemmy.fosshost.com
    1 year ago

    I always find these types of posts frustrating. Apart from your desktop password, a password manager solves a lot of these issues. Just make the password manager super secure, use 2fa and then auto generate all other passwords.

      • sloppy_diffuser@sh.itjust.works
        1 year ago

        There are self-hosted options with strong encryption. My Bitwarden vault is just as secure as if my laptop were stolen. Argon2id to secure the key for AES256 encryption.