Hacker News

I'm still waiting for NIST to deprecate plain-text* passwords in favor of PAKE, and W3C to come up with a mechanism for that.

*) plain-text here means any and all methods that give the attacker access to the original password, including modifying client-side JS.



They've been working on just this bit for the better part of a decade. It'll happen (passkeys I imagine), just slower than most of us would like.


Adoption of PAKE was hampered by patents. Password managers solve the problem anyway.



