[Discuss] Reusing Passwords on Different Sites Should be OK

Bill Ricker bill.n1vux at gmail.com
Thu Sep 17 22:11:07 EDT 2015


Reusing passwords requires the users to know that the encryption is of a
safe variety.  Most users are not qualified to tell good crypto from bad
crypto.  Heck, most programmers can't be qualified to use good crypto
correctly.

Password Encryption done client-side must be handled very carefully to
avoid replay attacks yet still actually validate something.  Sounds like a
half-hearted attempt at Challenge-response.

tl;dr No.
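Added example, not part of the original message: a static client-side hash next to a nonce-based challenge-response, showing which one a verifier accepts a second time. The class names, the PBKDF2 parameters, the salt and the password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, salt: bytes) -> bytes:
    # Both sides hold this key; the server stores it instead of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def client_response(key: bytes, nonce: bytes) -> bytes:
    # Client proves knowledge of the key without ever sending the key itself.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class StaticHashServer:
    """Client-side hashing only: the same value is sent on every login."""
    def __init__(self, key: bytes):
        self.key = key

    def login(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self.key)

class ChallengeResponseServer:
    """Server issues a fresh single-use nonce and checks HMAC(key, nonce)."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:      # unknown or already used nonce
            return False
        self.pending.discard(nonce)        # consume it: one attempt per nonce
        return hmac.compare_digest(response, client_response(self.key, nonce))

def demo():
    key = derive_key("constructed-password", b"constructed-salt")
    # Static scheme: the hash on the wire is a password equivalent.
    weak_replay = StaticHashServer(key).login(key)
    server = ChallengeResponseServer(key)
    nonce = server.challenge()
    resp = client_response(key, nonce)
    first = server.login(nonce, resp)                  # legitimate login
    replay = server.login(nonce, resp)                 # same message again
    stale = server.login(server.challenge(), resp)     # old response, new nonce
    return weak_replay, first, replay, stale

if __name__ == "__main__":
    print(demo())
```

The challenge-response server still has to store the derived key, so a leaked server database remains a password equivalent for that site.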