Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.
The length limit is mostly for the user’s sake - companies don’t want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.
That’s really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.
Ignoring that they must be hashed to be acceptable and that it’s not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it’s literally impossible for a 128 character password limit to be beneficial in any way.
A limit below that demonstrably lowers security by a huge margin.
Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.
A hashed password is always the same length though is it not?
The length limit is mostly for the user’s sake - companies don’t want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.
That’s really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.
Ignoring that they must be hashed to be acceptable and that it’s not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it’s literally impossible for a 128 character password limit to be beneficial in any way.
A limit below that demonstrably lowers security by a huge margin.
Ok but are 15 characters too much?
I’ve seen 14-char limits, which are NOT reasonable
there is at least one bank that I know of with a 12 character limit
There’s a major bank in Australia that limited passwords to six characters. Exactly six. No more, no less. The passwords were also case-insensitive.