What is the sense of permitting the user to use no passwords longer than xx chars?

Posted by reox on Stack Overflow
Published on 2012-04-05T11:11:19Z Indexed on 2012/04/05 11:28 UTC

It's more like a usability question, or maybe database, or maybe even security (consider injection attacks), but what is the sense of permitting the user's password to be no longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter.

I understand that passwords with more than 20 chars are hard to remember, but if you use diceware or a password safe you don't have any problem with that. I really can't understand why there are sites that say "your password needs to be between 5 and 8 chars"...

Also, the password should be saved as a hash, so the length of the field in the database is fixed, so where is the problem?

I think that most of the sites where the password has to be a fixed length are not even using any hashing method...
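The fixed-length point raised in the question, as an added example that is not part of the original post: a salted PBKDF2 record occupies the same number of characters in the database whether the password has 5 characters or is a long diceware phrase. The function names, the `salt$hash` record layout, the iteration count and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this illustration (not taken from the post).
DIGEST = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$hash_hex'. The record size never depends on the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        DIGEST, password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def record_lengths(passwords) -> set:
    """Set of distinct stored-record lengths produced for the given passwords."""
    return {len(hash_password(p)) for p in passwords}


# Constructed sample passwords: short, diceware-style, and password-safe-style.
SAMPLES = [
    "abcde",
    "correct horse battery staple lantern",
    "x9$Lq" * 40,  # 200 characters, as a password safe might generate
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{len(pw):>3} chars in -> {len(hash_password(pw))} chars stored")
```
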
