Yeah, they could force a password update at some point to ensure passwords meet the new requirements.
You need to not just force the update, but also forbid using pre-updated ones in migration, since someone might conceivably have an off-for-many-years device they wake up and want to migrate.
The long tail of stupid edge cases is very long indeed.
alt Hacker News
You need to not just force the update, but also forbid using pre-updated ones in migration, since someone might conceivably have an off-for-many-years device they wake up and want to migrate.
The long tail of stupid edge cases is very long indeed.