Yes, because now you know their password. Which is bad.
It also means if you want to bruteforce something, you dont have to bruteforce every account separately.
Last of all, to even implement that you would need to be storing the passwords unsalted in the db, which is huge no-no.
In any case, this is an article about bad practises, but the first screenshot was fake according to the text.
Yes, because now you know their password. Which is bad.
It also means if you want to bruteforce something, you dont have to bruteforce every account separately.
Last of all, to even implement that you would need to be storing the passwords unsalted in the db, which is huge no-no.
In any case, this is an article about bad practises, but the first screenshot was fake according to the text.