Must contain 8-18 characters, 1 lower, 1 upper and 1 special character. Cannot be the same as email address.

18? Why fucking 18 characters? That's not any pragmatic limit. What fucking product owner came up with that requirement?

  • 1
    Standard business people in 2020. I wish it were possible to osmotically transfer awareness of their ignorance and its toll on quality.
  • 8
    You missed the "cannot contain $ & @ or # due to system limitations."
  • 1
    @C0D4 I actually understand that one. Those characters are typically not allowed in XML without escaping, thus the limitation. But a random character count? There's no technical limitation there.
  • 0
    Haha, I know that, but I wouldn't expect that at a login/registration process.

    As for the limit, something like bcrypt with a bucket load of cycles maybe?

    But yea overall it's a useless limitation unless... it's not.
  • 2
    So at one registration site the limit to pw length was solely a max=18 in the Input-Element.
    No further fe validation / no be validation.

    I just use decent pws :)
  • 0
  • 0
    @hahascript @C0D4 but what stops you from basing before then to <= 51 bytes?
  • 0
    @dder If only I knew why Bcrypt has such a weird limitation