Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
this post was submitted on 18 Aug 2024
830 points (98.8% liked)
Cybersecurity - Memes
1899 readers
227 users here now
Only the hottest memes in Cybersecurity
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How to properly set password requirements on your website. Accept any utf8 string. Have a nice day.
It's all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.
Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.
One would hope so anyway,
The above conflicts directly with OP's
Accept any utf8 stringI opened an account in 2014 and I'm still uploading my password.
If you aren't required to use an upload manager, are you really setting a solid password :thinking:
Can't trust an upload manager not to be hacked. I employ a team of typists in India.
Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcyrpt on their machine and then use the resulting key to hmac sign a recent timestamp that can't be reused.