• bbbhltzOP
      link
      fedilink
      171 year ago

      Using the Outlook client with a none-Outlook email shares the data with Microsoft. So, a bit surprising.

    • ѕєχυαℓ ρσℓутσρє
      link
      8
      edit-2
      1 year ago

      Service providers aren’t actually supposed to know your password. Passwords should always be sent after hashing on client side. Only the hashes are matched on server side.

      Edit: Not accurate, read replies.

      • voxel
        link
        fedilink
        81 year ago

        nope hashing is usually done server-side.
        also counter-intuitively server-side hashing is considered more secure than client side (in case of client side hashing hash becomes the password)

        • ѕєχυαℓ ρσℓутσρє
          link
          31 year ago

          I’m not an expert in this, and I did look around after reading your comment. Looks like the password is usually sent as-is, then hashed server side, and matched against hashes in the database. So, the hashes are what’s stored in their database. So, ideally, the server shouldn’t know your password. Also, it can be hashed from client side too, but that becomes redundant since everything is tls encrypted anyway.