I've seen on many sites in the registration page that the password should have also a maximum length (between 15 and 100 characters). Except for DDOS attacks, is there a reason for this rule, giving the fact that the password will be hashed and only the hash will be stored?
Asked
Active
Viewed 76 times
1
-
To reduce the probability of the user forgetting the (long) password and sending in frequent Forgot Password requests? Most likely not the real reason but just thinking out loud... – Ajoy Bhatia Nov 27 '17 at 22:53
-
1Not a dupe, the linked question (and answer) are specifically about 8 character password limits. – Mike Ounsworth Nov 27 '17 at 22:54
-
Anyway, the answer is legacy. – Elias Nov 28 '17 at 09:20
-
So my conclusion is: Legacy and customer support load. – Buda Gavril Nov 29 '17 at 19:55