> but literally every site with passwords can do that by default, it just needs a general admin U...

Marsymars • last Wednesday at 9:48 PM • 1 reply • view on HN

> but literally every site with passwords can do that by default, it just needs a general admin UI which almost always exists.

Most sites/systems that are designed for security won't have such an admin UI - passwords should generally not be handled in a way where anybody other than the user is ever able to know what they are.

Replies

Groxx • last Wednesday at 9:57 PM

"I can erase a securely hashed password and set a new one" is very common and generally seen as safe, and does not at all require being able to "know what [the current password is]".

Most can do this. As a concrete example, phpMyAdmin has UI specifically for editing password fields: https://www.wpbeginner.com/beginners-guide/how-to-reset-a-wo...

alt Hacker News

Replies