Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth would you impose such strict limits? Never heard of correct horse battery staple?
How to properly set password requirements on your website. Accept any utf8 string. Have a nice day.
It’s all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.
Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.
> hashed, which means they take up a fixed size
One would hope so anyway,
> you should have form upload size limits
The above conflicts directly with OP’s
> Accept any utf8 string
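An added example, not part of any comment in the thread: the two points argued above fit together if the server accepts any UTF-8 password up to a generous byte cap and stores only a salted scrypt hash, which has the same size whatever the input length. The 4096-byte cap, the scrypt parameters and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MAX_PASSWORD_BYTES = 4096   # assumed cap: room for long passphrases, bounds hashing cost
SALT_BYTES = 16
HASH_BYTES = 32
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # assumed work factors, tune for your hardware


class PasswordRejected(ValueError):
    """Raised when a password is empty, not encodable, or over the byte cap."""


def _encode(password: str) -> bytes:
    # NFKC normalisation so the same passphrase typed on different
    # platforms produces the same bytes before hashing.
    try:
        raw = unicodedata.normalize("NFKC", password).encode("utf-8")
    except UnicodeEncodeError as exc:
        raise PasswordRejected("not valid UTF-8 text") from exc
    if not raw:
        raise PasswordRejected("empty password")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordRejected("password exceeds byte cap")
    return raw


def make_record(password: str) -> bytes:
    """Return salt || scrypt digest: always SALT_BYTES + HASH_BYTES long."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(_encode(password), salt=salt,
                            dklen=HASH_BYTES, **SCRYPT_PARAMS)
    return salt + digest


def verify(password: str, record: bytes) -> bool:
    """Check a login attempt against a stored record in constant time."""
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    try:
        raw = _encode(password)
    except PasswordRejected:
        return False
    digest = hashlib.scrypt(raw, salt=salt, dklen=HASH_BYTES, **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, expected)
```

The cap is measured in bytes after encoding, so it limits the work done per request without restricting which characters a user may choose.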
I opened an account in 2014 and I’m still uploading my password.
If you aren’t required to use an upload manager, are you really setting a solid password :thinking:
Drives me nuts when this happens.
My favorite was “Your password must begin with a letter”
“Otherwise our database may misinterpret it as a number when we store it in pain text”
> pain text
Accidentally accurate
Worst I’ve seen is 8 characters. Precisely 8 characters, no more no less… it was for a bank…
A major US bank that I used to use has case-insensitive passwords. Found that out one day when I noticed caps lock was on after logging in with no trouble.
Makes you wonder if they store the password in plain text, or convert to lower key during your first input so it’s at least hashed. I wouldn’t be surprised if it’s not.
they store the passwords as filenames on a windows system