847
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[-] cron@feddit.org 57 points 3 months ago

OWASP recommendation is to allow 64 chars at least:

Maximum password length should be at least 64 characters to allow passphrases (NIST SP800-63B). Note that certain implementations of hashing algorithms may cause long password denial of service.

The lemmy-UI limit is reasonably close and as everything is open source, we can verifiy that it does hash the password before storing it in the database.

There is a github issue, too.

this post was submitted on 18 Aug 2024
847 points (98.8% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS