DEV Community


Discussion on: What would it take to increase the password max length limit?

halans profile image
Jean-Jacques Halans

I might have missed it in the article (or previous one), but could you maybe mention that the maxlength attribute is a client side imposed limitation (which can be bypassed/increased) and might not even match the server side length input validation? So people reading are made aware they shouldn’t depend on this attribute at all? It may be obvious to us, but for other devs starting out, and based on the From/To image at the top, it may not.

mitchpommers profile image
Mitch Pomery (he/him) Author

I can definitely make that clearer in this post. The last post talked about the max length across systems (including the final server) and doing validation there.