They’ll accept it, but won’t tell you they ignored everything after character n, and their login page won’t take anything but the “correct” password so you’ll be spending some time figuring out the actual character count limit…
No, they’ll accept it. Then on the log in page tell you the max limit is X, even though on the password creation page, the password length you used was X+Y
they don’t specify a limit so 64 character password it is.
My previous bank forced 8 characters with only numbers and letters.
Go all in, 1024 character password.
They’ll accept it, but won’t tell you they ignored everything after character n, and their login page won’t take anything but the “correct” password so you’ll be spending some time figuring out the actual character count limit…
No, they’ll accept it. Then on the log in page tell you the max limit is X, even though on the password creation page, the password length you used was X+Y
I have experienced this far too many times.
Even worse the password was accepted in full when registered, but the login field won’t accept the full length.
Fucking MICROSOFT did that with Hotmail
Not a big surprise, they did the same with Windows 98. Everything after the first 14 was silently dropped.
Bcrypt/Scrypt have a 72 byte limit. Developers can get around that by putting it through a regular hash first, but that’s not common.