re: Yes, I had to implement that 🤦‍♂️ What was the reasoning here?

Pretty much any actual action taken that reduces security is done in the name of convenience. In the case of max password lengths, it could be due to a really naive SQL implementation where there's a max character length in a plaintext field, but it's much more likely that some manager saw that 90% of the help desk time was spent resetting passwords and thought, "Well, if we make the passwords shorter, people will stop forgetting them."

