Quote:
each password should generate a unique hash, breakable only by brute-force attempts
Logically, I don't see how this is possible: a password that is encrypted must eventually be decrypted to log into the site. If this magic key isn't requested from the user, then it must be stored somewhere, which from your point of view makes it insecure.
Quote:
By adding this feature, you are admitting that there is a security risk
The encryption used to protect the passwords was good enough for most people. This feature was added by popular demand. Nothing more, nothing less.
Most programs that contain passwords/private information encrypt it using weak methods or methods that can be reverse engineered. That's just the way it is.
Application Password Protection was designed to take it a step further. The majority of the users who use this feature have no complaints. From a marketing standpoint, majority rules.