home.social

#credentialreuse — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #credentialreuse, aggregated by home.social.

  1. When you attempt to login on a website and it confirms that the email IS registered. I’ve heard that sites SHOULDN’T do that because it’s a security risk. How? How does knowing that X email is registered present a security risk? Is it due to the potential for credential stuffing / reuse attacks on that site or just user profile (I know Adam has an account at X)? #security #credentialreuse #credentialstuffing