When you host a website, you have everyone’s passwords. So shouldn't you be capable of signing into their accounts and pretending to be them?

View this thread on: d.buzz | hive.blog | peakd.com | ecency.com

express·@chackerian·8 years ago

0.000 HBD

When you host a website, you have everyone’s passwords. So shouldn't you be capable of signing into their accounts and pretending to be them?

As others point out, secure services will **keep only the encrypted passwords** in the database in case of breaches. 

Occasionally you will come across a site (usually older) that doesn’t have this but it isn’t the norm.

Most sites however probably do have ways of accessing user accounts if an occasion to do so presents itself. What keeps the admin from doing this is integrity. There are probably some legal implications as well.

![download.png](https://steemitimages.com/DQmfL2Vie4a2EmQ5R2h5m21sWi9zzuhQz1PtjRwKTqr4sGp/download.png)

👍 chackerian, ccworld,

properties (23)vote details (2)