Comment by skybrian 19 hours ago

1 reply

One improvement is that they use public key cryptography, so they will never show up on Have I Been Pwned due to poor website security.

But yeah, if you use a password manager you’re probably doing better than most people.

NoMoreNicksLeft 15 hours ago

If they wanted to improve things, they could include a small little XML link in their password change and registration pages that tells my password manager what passwords are allowed so it could auto-generate them, rather than me trying to find out that they disallow anything longer than 32 characters, or that the ampersand isn't permitted. (Or, like years ago, when I discovered that Adobe didn't disallow long passwords; they just truncated them to 64 characters internally and wouldn't accept the longer one after.)
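The idea in the comment above, sketched as an added example that is not part of the thread or any site's real format: a password manager reads a site-published policy and generates a password that fits it, clamping to the stated maximum so nothing is silently truncated. The XML element names, `parse_policy`, `generate` and `complies` are all hypothetical.

```python
import secrets
import string
import xml.etree.ElementTree as ET

# Constructed sample policy (hypothetical format): at most 32 characters,
# no ampersand, at least one lowercase letter, uppercase letter and digit.
SAMPLE_POLICY = """\
<password-policy>
  <length min="12" max="32"/>
  <disallowed chars="&amp;"/>
  <required class="lower"/>
  <required class="upper"/>
  <required class="digit"/>
</password-policy>
"""

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def parse_policy(xml_text):
    # Site-supplied XML is untrusted; a real client would use a hardened parser.
    root = ET.fromstring(xml_text)
    banned_el = root.find("disallowed")
    return {
        "min": int(root.find("length").get("min")),
        "max": int(root.find("length").get("max")),
        "banned": set(banned_el.get("chars", "")) if banned_el is not None else set(),
        "required": [r.get("class") for r in root.findall("required")],
    }

def generate(policy, want_length=64):
    # Clamp the manager's preferred length to the site's stated bounds.
    n = max(policy["min"], min(want_length, policy["max"]))
    alphabet = [c for s in CLASSES.values() for c in s if c not in policy["banned"]]
    while True:  # rejection sampling: uniform over policy-compliant passwords
        pw = "".join(secrets.choice(alphabet) for _ in range(n))
        if complies(policy, pw):
            return pw

def complies(policy, pw):
    return (policy["min"] <= len(pw) <= policy["max"]
            and not set(pw) & policy["banned"]
            and all(any(c in CLASSES[k] for c in pw) for k in policy["required"]))
```
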