Learn More
Resend Email
7
devphobe
4y

Must contain 8-18 characters, 1 lower, 1 upper and 1 special character. Cannot be the same as email address.

18? Why fucking 18 characters? That's not any pragmatic limit. What fucking product owner came up with that requirement?

rant
Favorite
Ranter
Comments
  • 1
    4y
    Standard business people in 2020. I wish it were possible to osmotically transfer awareness of their ignorance and its toll on quality.
  • 8
    4y
    You missed the, can not contain $ & @ or # due to system limitations.
  • 1
    4y
    @C0D4 I actually understand that one. Those characters are typically not allowed in XML without escaping, thus the limitation. But a random character count ? There's no technical limitation there.
  • 0
    4y
    @devphobe
    Haha , I know that, but I wouldn't expect that at a login/registration process.

    As for the limit, something like bcrypt with a bucket load of cycles maybe?

    But yea overall it's a useless limitation unless... it's not.
  • 2
    4y
    So at one registration site the limit to pw length was solely a max=18 in the Input-Element.
    No further fe validation / no be validation.

    I just use decent pws :)
  • 0
    4y
    @C0D4 Bcrypt does have a limit.

    https://security.stackexchange.com/...
  • 0
    4y
    @hahascript @C0D4 but what stops you from basing before then to <= 51 bytes ?
  • 0
    4y
    @dder If only I knew why Bcrypt has such a weird limitation
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment