423
you are viewing a single comment's thread
view the rest of the comments
[-] newsonic@lemmy.world 2 points 1 year ago

Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.

[-] peter@feddit.uk 18 points 1 year ago

A hashed password is always the same length though is it not?

[-] dan@upvote.au 3 points 1 year ago

The length limit is mostly for the user's sake - companies don't want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.

[-] david@feddit.uk 2 points 1 year ago

That's really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.

[-] conciselyverbose@kbin.social 8 points 1 year ago

Ignoring that they must be hashed to be acceptable and that it's not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it's literally impossible for a 128 character password limit to be beneficial in any way.

A limit below that demonstrably lowers security by a huge margin.

[-] Sonotsugipaa@lemmy.dbzer0.com 4 points 1 year ago

Ok but are 15 characters too much?

I've seen 14-char limits, which are NOT reasonable

there is at least one bank that I know of with a 12 character limit

[-] dan@upvote.au 3 points 1 year ago

There's a major bank in Australia that limited passwords to six characters. Exactly six. No more, no less. The passwords were also case-insensitive.

Yikes, how do banks, of all things, have such low password limits...

this post was submitted on 17 Jul 2023
423 points (88.7% liked)

Programmer Humor

32571 readers
363 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS