Passwords stored in cookies, resetting passwords by just knowing the user's DOB, not even having passwords. This all kinds of tom-fuckery

https://www.troyhunt.com/reckon-youve-seen-some-stupid-security-things-here-hold-my-beer/?utm_content=bufferf29d2&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer