Hacker News

Evite is willing to sacrifice security for usability. Which makes sense, because it doesn't really matter if someone hacks your Evite account.



I don't think hacking the evite account is the problem. With many people using the same password across multiple accounts, getting their evite password may also be giving the password to countless other systems. So they are essentially sacrificing the security of their users, not just their own application.


I agree that people do that, and that ideally a website would not email someone their password for the simple reason that people do recycle passwords.

But, the onus here should really be on the user. If they are careless enough to use the same password for everything, they are indicating that they are willing to trade some security for convenience. In my opinion, emailing users their password is just another security/convenience trade-off. I'd be upset to get my password sent in plaintext from my bank, but not an invite website.



