Who would enforce it on any website? The US government, or W3C, or IANA? Everyon... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		OedipusRex on Sept 28, 2016 \| parent \| context \| favorite \| on: Defending Against Hackers Took a Back Seat at Yaho... Who would enforce it on any website? The US government, or W3C, or IANA? Everyone talks about a free and open web and no one wants someone poking around behind the scenes. I don't trust anyone to enforce password rules for fear of exploitation. The user is responsible for their password security and it should stop there. That being said, Yahoo should have force reset passwords.

bkjsbkjdnf on Sept 28, 2016 [–]

> The user is responsible for their password security and it should stop there.

That would be true if the user created, stored, authenticated the password himself.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact