all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Hashing a users credentials at client side before sending to server - a good idea?

Add to bookmarks
Feb. 3, 2023, 10:53 a.m. | /u/damn_tech

cybersecurity www.reddit.com

I note that a number of sites / applications send a users username and password to the server in plain text over HTTPS, where it is then processed by the backend to authenticate the user/issue a token etc. Let's discount HTTP entirely for this as we all know sending plaintext credentials over HTTP is a deadly sin.

I wonder whether a better practice might be that a users credentials are hashed at the client side before being sent to the …

applications backend client credentials cybersecurity discount etc hashing http https issue password plain text plaintext practice send server text token username

Visit resource

More from www.reddit.com / cybersecurity

Russian hackers attack Texas water facility 2 hours ago | www.reddit.com
cybersecurity
Are We Ready for a Cyber Attack on Food and Farming? : Authorities are working … 4 hours ago | www.reddit.com
agriculture attack cyber cybersecurity +9
2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) 5 hours ago | www.reddit.com
actively exploited adaptive security asa cisco +15
Sr. Analyst or Engineer Role? 7 hours ago | www.reddit.com
analyst ask cybersecurity engineer +8
Ring customers get $5.6 million in privacy breach settlement 7 hours ago | www.reddit.com
breach customers cybersecurity privacy +3
Nontechnical GRC 7 hours ago | www.reddit.com
auditor aware controls cybersecurity +8
FTC bans non competes. F yeah. 10 hours ago | www.reddit.com
bans cybersecurity ftc non
Has anyone tried SentinelOne's Purple AI? What are your thoughts on it? 10 hours ago | www.reddit.com
cybersecurity purple purple ai sentinelone +1
Is experience more valuable than a degree ? 11 hours ago | www.reddit.com
analyst cybersecurity cybersecurity analyst experience +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086
View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States
View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ
View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom
View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States
View on infosec-jobs.com
View more jobs