Password length limits

I understand being strict and having the usual rules; need an upper and lower case character, a number, a special character, and a minimum password length. It just makes good sense to have a complicated passwords.

However, I’ve ran into a few places that limit the length of the password. What? Limit the length of the password to 12 characters? Are you kidding me? If I want a 30 character password, then I damn sure should be able to have one. Things such as Password Safe exist for that very purpose.

You know what a password length limit screams to me? Storing it in plain text. The only logical reason I can think of to limit the length of a password to such a short length is the field in the database for it isn’t very big. Hashes can get quite long, even more than 30 characters, so if you ever run into an authentication system that doesn’t accept long passwords, don’t use it.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>