On Tue, Apr 26, Nicholas Leippe wrote: > Passwords are not infinite in length. I have never once found a system > that allows me to choose a password of arbitrary length. Every one I > have encountered has a hard upper limit on the length, usually 16-20, > some (including some banks--shudder!) as short as 8.
They're starting to be more common, because the hashed form is always the same length. Most of my passwords these days are 39 characters long, where allowed. Ironically, the places it isn't allowed are usually sites that store my financial information... I see no reason for password length restriction to be less than 127 characters. However, allowing a full megabyte would probably be excessive. Is there a best-practices limit? 1K, perhaps? - Eric /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
