Why do we insist on low (for a computer) upper bounds on password length? 6-20 characters? Why 20? Why not 200? Why not 2000? I sure hope we aren’t citing storage concerns, because I’d have to berate someone for storing something other than a hash, and the 20 and 2000 character passwords would have the same length hash. Is there some real reason?
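The point the post makes, as an added example that is not from this thread: a stored password record whose size does not depend on the password's length, with the only upper bound being a generous byte cap on how much input the key-derivation function has to process. The policy constants and function names below are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Policy values assumed for this example, not a standard.
MIN_PASSWORD_BYTES = 8
MAX_PASSWORD_BYTES = 4096   # bounds KDF work per login attempt, not storage
ITERATIONS = 600_000        # PBKDF2-HMAC-SHA256 count; tune for your hardware
SALT_BYTES = 16
HASH_BYTES = 32


def validate_length(password: str) -> None:
    """Reject only absurd inputs; a 2000-character passphrase is fine."""
    size = len(password.encode("utf-8"))
    if size < MIN_PASSWORD_BYTES:
        raise ValueError("password too short")
    if size > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")


def hash_password(password: str) -> str:
    """Return a fixed-size record: algorithm$iterations$salt$digest."""
    validate_length(password)
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS, dklen=HASH_BYTES)
    # The column only ever holds this record, never the password itself,
    # so its width is independent of what the user typed.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters),
                                    dklen=HASH_BYTES)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def stored_length(password: str) -> int:
    """Size of the record a 20- or 2000-character password produces."""
    return len(hash_password(password))
```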


@svetzal But the dev made a varchar(20) table field datatype. It was a nice number that they liked. They also copy-pasted a regex validator from a web search result dated 2008.

Are you looking for a security oversight, some kind of policy adherence in the proof of concept they did at a hackathon that sales and product saw as FREE software to release to production? XD
