Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
It's more about when a database gets leaked. They then don't even have to put in the effort of trying to match hashes to passwords. And that's what hashing a password protects against, when done correctly.
It's more about when a database gets leaked. They then don't even have to put in the effort of trying to match hashes to passwords. And that's what hashing a password protects against, when done correctly.