Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • @[email protected]
    3330 days ago

    worst i’ve seen is 8 characters. precisely 8 characters, no more no less… it was for a bank …

    • @[email protected]English
      1630 days ago

      A major US bank that I used to use has case insensitive passwords, found that out one day when I noticed caps lock was on after logging in with no trouble

      • @[email protected]
        1230 days ago

        Makes you wonder if they store the password in plain text, or convert to lower key during your first input so it’s at least hashed. I wouldn’t be surprised if it’s not.

        • @JustAnotherRando
          429 days ago

          I don’t think it could be hashed if it is case insensitive. It’s fairly early so I may be misremembering but I’m not aware of any hashing algo that ignores case.

          Edit: Ah, actually they could be storing the password as a hash, but they would probably have to do like a password. ToLower() call or something where they morphed the string before checking… The thought of which just makes me shudder.

    • @Donkter
      330 days ago

      The fact that it was a power of 2 makes me suspect lazy coding. That bank didn’t pay its programmers well enough.

    • @proton_lynx
      330 days ago

      No no, not 8 characters, 8 numerical characters!

      • JackbyDevEnglish
        530 days ago

        Whoa whoa whoa, did you use two of the same number in a row? Insecure!

      • @[email protected]
        330 days ago

        Numerical Chateaubriand*, and total sum must be less than 3.

        * okay Google, if that’s what you really think I meant to type.