• 0 Posts
  • 9 Comments
Joined 1 year ago
Cake day: June 20th, 2023
  • zzz@feddit.detoAsklemmy@lemmy.ml*Permanently Deleted*English
    2·
    1 year ago

    I mean, if we’re being pedantic, there’s a reasonable technical limit once the password reaches multiple MBs of data.

    But yes, there’s no good reason for the actual limits we’re seeing out in the wild.

    Yes @evatronic, this is of course what I meant with “except if the js starts crashing maybe”. I’m aware that hashes end up with the same length, no worries 😄

  • zzz@feddit.detoAsklemmy@lemmy.ml*Permanently Deleted*English
    6·
    1 year ago

    Sure. Banks should be enforcing that instead of special characters. But the vast majority of people would just choose “football” or “password” as their passwords if they weren’t required to do something more complex.

    Ironically though, something like

    IveLovedUsingFootballAsMyPassword!EverSinceThe1980s.

    as a password would be miles ahead of even the most random character combination possible, but which is only 12-20 characters long.

    And as an added bonus, the above example is practically guaranteed to have never been used before, in addition to being correct horse battery staple (that is, tremendously easy to remember).

    I hate when a website/app in this day and age imposes an absurdly low upper password character limit like 30. (cough looking at you, PayPal, when I re-set my password a few years ago it was freaking 20, not exaggerating).

    Shouldn’t password length below like 100 (or realistically, any length until it starts crashing the js behind it?) not matter anyways, since it’s all salted, peppered and hashed before further processing anyways?