this post was submitted on 18 Aug 2024
848 points (99.0% liked)

Cybersecurity - Memes

1995 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
848
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 57 points 3 months ago

OWASP recommendation is to allow 64 chars at least:

Maximum password length should be at least 64 characters to allow passphrases (NIST SP800-63B). Note that certain implementations of hashing algorithms may cause long password denial of service.

The lemmy-UI limit is reasonably close and as everything is open source, we can verifiy that it does hash the password before storing it in the database.

There is a github issue, too.