
This is without doubt terrible, we all know that. But it is not uncommon that web services leak passwords, so common that we are quite accustomed to it and expect it to happen from time to time.

This is not the right way to deal with the problem.

Authentication security for cloud services should be something that sits in the browser, not (only) on the server. This is done by two-factor auth, but that too relies too much on the server admin being good with security.

Maybe one solution would be that the router everyone has at home doubles as a file server, and that all web apps' files are stored there instead of on the remote server? That would move the responsibility away from web devs (who often behave irresponsibly) to the ones writing the OS for the router.

There are of course many ideas that are better than mine, but to let web devs have control of this is evidently not a good one. Something needs to change.


