this post was submitted on 17 Jul 2023
401 points (89.1% liked)

Programmer Humor

[–] [email protected] 34 points 1 year ago (26 children)

Infuriating fact: if a service has maximum password length limits (lower than 1000 characters), they're reversibly storing your password, and if they're that lazy it's probably plain text.

[–] [email protected] 1 points 1 year ago (3 children)

Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.

[–] [email protected] 11 points 1 year ago (1 children)

A hashed password is always the same length though is it not?

[–] [email protected] 3 points 1 year ago (1 children)

The length limit is mostly for the user's sake - companies don't want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.

[–] [email protected] 2 points 1 year ago

That's really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.

[–] [email protected] 7 points 1 year ago

Ignoring that they must be hashed to be acceptable and that it's not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it's literally impossible for a 128 character password limit to be beneficial in any way.

A limit below that demonstrably lowers security by a huge margin.

[–] [email protected] 4 points 1 year ago (1 children)

Ok but are 15 characters too much?

I've seen 14-char limits, which are NOT reasonable.

[–] [email protected] 2 points 1 year ago (1 children)

There is at least one bank that I know of with a 12 character limit.

[–] [email protected] 3 points 1 year ago (1 children)

There's a major bank in Australia that limited passwords to six characters. Exactly six. No more, no less. The passwords were also case-insensitive.

[–] [email protected] 2 points 1 year ago

Yikes, how do banks, of all things, have such low password limits...
