2

From time to time I see systems that don't allow passwords longer than 8 chars: isn't that a security risk? What am I missing, here, that might have led to such a decision?

Pierpaolo

2 Answers

1

Yes, absolutely, it is poor design from a security perspective. You're not missing anything. It could result from historical inertia (a lousy excuse) or from ignorance.

See What technical reasons are there to have low maximum password lengths? and Do passwords need a max length?.

D.W.
1

The reason is saving space. In the old days every byte was precious, and security didn't matter because everyone was a nice person.

Andrej Bauer