  • 2
    God fucking hell how stupid can someone be? Does the json-response contain the user by any chance?

    DSGVO that fucker!
  • 5
    Is this "already been used" on your account? Or globally?
  • 1
    @junon It would be logical if it was referring to my passwords but this was me creating a temp account just to get freepiks.
  • 0
    @GiddyNaya wow. That's insane.
  • 5
    I just tested it. Several very bad things in terms of security:

    - They impose password character requirements, which is a no-no.
    - They impose a password maximum length, which is a no-no from a UX position as well as an indication they are not handling passwords securely at all.
    - They check the validity of an email address prior to signing up, which is poor UX and very unreliable in practice (especially for privacy-minded email services).
    - Their form is incredibly buggy, making it really easy to get into a broken state that can only be fixed after a refresh.

    Cut-rate developers it seems like. Don't put any valuable information into that site, I can't imagine it being secure.
  • 1
  • 0
    @junon why is checking the validity of an email address bad?
  • 1
    My goodness
  • 1
    @carboneum Because there is no guarantee the SMTP server is going to give you a real answer.
  • 0
    Besides telling that some user already has the same password, why do they even do such a check?
    I don't get it. What are they thinking? Is it insecure to have a password that is already used by someone else?
    I’d really like to know their reasoning.

    Unless, of course, it has some technical reason like the password is an ID for something... this gets more and more weird the more you think about it.
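
Added example (not part of any comment above, and not the site's code): a sketch of why a global "password already used" answer points at weak storage, and why a maximum password length is unnecessary when passwords are hashed properly. The two storage schemes, the function names and the sample accounts are assumptions constructed for illustration; how the site actually stores passwords is not known from this thread.

```python
import hashlib
import hmac
import os

def unsalted_hash(password: str) -> bytes:
    """Weak scheme (assumed): identical passwords give identical stored values."""
    return hashlib.sha256(password.encode()).digest()

def salted_hash(password: str, salt: bytes) -> bytes:
    """Per-user salt plus a slow KDF; output is 32 bytes for any input length."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def enroll(users: dict[str, str]):
    """Build both kinds of credential store from the sample accounts."""
    weak = {name: unsalted_hash(pw) for name, pw in users.items()}
    strong = {}
    for name, pw in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        strong[name] = (salt, salted_hash(pw, salt))
    return weak, strong

def used_globally_weak(weak: dict[str, bytes], candidate: str) -> bool:
    # One hash and one lookup: cheap enough to run on every signup.
    return unsalted_hash(candidate) in set(weak.values())

def used_globally_strong(strong, candidate: str) -> tuple[bool, int]:
    # With per-user salts the KDF has to be re-run once per stored account,
    # so a signup-time "already used" check does not scale.
    found, kdf_runs = False, 0
    for salt, stored in strong.values():
        kdf_runs += 1
        if hmac.compare_digest(salted_hash(candidate, salt), stored):
            found = True
    return found, kdf_runs

# Constructed sample accounts: two share a password, one uses 500 characters.
SAMPLE_USERS = {"alice": "Tr0ub4dor&3", "bob": "Tr0ub4dor&3", "carol": "x" * 500}

if __name__ == "__main__":
    weak, strong = enroll(SAMPLE_USERS)
    print("weak store, same value for alice and bob:", weak["alice"] == weak["bob"])
    print("salted store, same value:", strong["alice"][1] == strong["bob"][1])
    print("weak global check:", used_globally_weak(weak, "Tr0ub4dor&3"))
    print("salted global check (found, KDF runs):",
          used_globally_strong(strong, "Tr0ub4dor&3"))
    print("stored length for 500-char password:", len(strong["carol"][1]))
```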