My dumbass read “github” and I had a small heart attack.
I was right there with you
Even if it was github, they have mandatory 2fa now which would help. Still some risks for people who reuse passwords on other services or if their 2fa got compromised (sim swaps), etc but wouldn’t be full blown catastrophic
I thought the point of salting was that the reuse doesn’t matter as much?
There’s always a chance you get phished and your password as a plaintext gets compromised. Using a same password makes it extra damaging.
The passwords are encoded using the SHA1 cryptographic hash, which is widely considered vulnerable.
Jesus, they’re not even using SHA-2. It’s been available for ages.
Move fast and break things!
“Things” in many cases includes “security”.
The passwords are encoded using the SHA1 cryptographic hash,
Bro…
