this post was submitted on 18 Aug 2024
851 points (98.9% liked)

Cybersecurity - Memes

2150 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago
MODERATORS
Sam1232188
neurohost
[email protected]
[email protected]
CannaVet
851
Password length requirement (feddit.org)
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/cybersecuritymemes
170 comments fedilink hide all child comments
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 57 points 5 months ago

OWASP recommendation is to allow 64 chars at least:

Maximum password length should be at least 64 characters to allow passphrases (NIST SP800-63B). Note that certain implementations of hashing algorithms may cause long password denial of service.

The lemmy-UI limit is reasonably close and as everything is open source, we can verifiy that it does hash the password before storing it in the database.

There is a github issue, too.