Just encountered a system which has a max password length of 15 characters... Why is this still a thing?


Even stranger is that it allowed me to register with a password longer than that, but to log in I need to enter only the first 15 characters of the password I registered with.

@JamesMcK Oof... Then they must be using plain text passwords. I'd get out of there if I were you.

There's no way to do something like that if the password hash is properly derived with bcrypt or argon, or even with standard hash algorithms like SHA-2.

@JamesMcK This is really dumb. My old bank only allows for 12 and no special characters. I'm almost certain systems like this only exist because the password is stored in plain text.

