Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
Poor input sanitization probably.
I’m not saying it was a soft rule where the form refused to validate my input. It was an actual, fully-described rule in the bulleted list among the other rules. For whatever reason they specifically went out of their way to enforce it. And I cannot fathom why they would.
I understood what you meant, it doesn’t change my answer though
The back-end environment could have at least a few ways to screw things up if, for example, they were passing the password thru a shell script to hash it and had poor sanitization of the input
!, #, and $ can be particular troublemakers at the start of a string, there’s probably more I’m not aware of too.