Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Getting the State involved is just a different, much worse threat actor than Google, though. From this discussion it should be evident how much more sovereignity passwords give you, if you want the State involved it should regulate websites' policies on passwords, such as: no service shall be hostile to password managers (special character bans, short limits on length, no pasting), no service shall require regular password resetting (proven to worsen security).

State involvement may be better used in policing, too. Public repositories of leaked passwords (without usernames, of course) would do wonders, for example



I use a layered approach for passwords. If I don't trust the site and they're not getting my financial information, I'm glad to use Password1234%

Google frequently warns me that one of my passwords has compromised but I don't really care for those sites.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: