I can't see why anybody might want a maximum password length, unless they DON'T store the hashed password, that doesn't bode well (even if was encrypted it would be terrible).
Bcrypt is limited to 72 characters. It's the only reasonable limitation, as you would not want password managers to assume the users password was longer than required to authenticate. (especially if you migrated upwards in hash. )
Totally true, anything longer and BCrypt will truncate. I like Argon2's input limit of 4.29b characters much better hehe
That said, 72 characters isn't the worst length limit, but when you're asked by your bank for a max limit of 14 or something similarly pathetic like that
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I can't see why anybody might want a maximum password length, unless they DON'T store the hashed password, that doesn't bode well (even if was encrypted it would be terrible).
Bcrypt is limited to 72 characters. It's the only reasonable limitation, as you would not want password managers to assume the users password was longer than required to authenticate. (especially if you migrated upwards in hash. )
Totally true, anything longer and BCrypt will truncate. I like Argon2's input limit of 4.29b characters much better hehe
That said, 72 characters isn't the worst length limit, but when you're asked by your bank for a max limit of 14 or something similarly pathetic like that