Is that not quit commen for invites/no user account shares?

Indeed, but one could easily argue that 128 bits of entropy aren't sufficient for a good invite token in the first place.

▲

pinkgolem a day ago | parent [-]

I am just puzzled why delifue calls something that, as far as I know is pretty standard across the industrie, bad practice

▲

treve a day ago | parent | next [-]

There's 2 cases being discussed. A UUIDv7 is a bad secret, but it's fine for many other ids. If I can guess your user id, it shouldn't really matter because your business logic should prevent me from doing anything with that information. If I can guess your password reset token it's a different story because I don't need anything else beyond that token to do damage.

▲

nesarkvechnep a day ago | parent | prev [-]

Because it is?

	▲	skrebbel 17 hours ago \| parent [-]
		No?