this post was submitted on 17 Jul 2023
420 points (88.6% liked)

Programmer Humor

[–] Sonotsugipaa@lemmy.dbzer0.com 35 points 1 year ago (26 children)

Infuriating fact: if a service has maximum password length limits (lower than 1000 characters), they're reversibly storing your password, and if they're that lazy it's probably plain text.

[–] newsonic@lemmy.world 2 points 1 year ago (3 children)

Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.

[–] peter@feddit.uk 18 points 1 year ago (1 children)

A hashed password is always the same length though, is it not?

[–] dan@upvote.au 3 points 1 year ago (1 children)

The length limit is mostly for the user's sake - companies don't want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.

[–] david@feddit.uk 2 points 1 year ago

That's really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.

[–] conciselyverbose@kbin.social 8 points 1 year ago

Ignoring that they must be hashed to be acceptable and that it's not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it's literally impossible for a 128 character password limit to be beneficial in any way.

A limit below that demonstrably lowers security by a huge margin.

[–] Sonotsugipaa@lemmy.dbzer0.com 4 points 1 year ago (1 children)

Ok but are 15 characters too much?

I've seen 14-char limits, which are NOT reasonable.

[–] totally_notAcat@lemmy.blahaj.zone 2 points 1 year ago (1 children)

There is at least one bank that I know of with a 12 character limit.

[–] dan@upvote.au 3 points 1 year ago (1 children)

There's a major bank in Australia that limited passwords to six characters. Exactly six. No more, no less. The passwords were also case-insensitive.

Yikes, how do banks, of all things, have such low password limits...
