If they’re able to determine that you’re using a similar password, it’s because they’re not hashing your passwords and are storing them as plaintext. You should run far far away from any site or service that is able to enforce similarity rules. Because when you properly hash a password, even a minor difference such as upper/lowercase will produce a wildly different result.
I’ve been wondering about that. I think they get around it by using the “enter your current password” prompt, so they potentially have it in cleartext for the duration of the session.
If they’re able to determine that you’re using a similar password, it’s because they’re not hashing your passwords and are storing them as plaintext. You should run far far away from any site or service that is able to enforce similarity rules. Because when you properly hash a password, even a minor difference such as upper/lowercase will produce a wildly different result.
I’ve been wondering about that. I think they get around it by using the “enter your current password” prompt, so they potentially have it in cleartext for the duration of the session.