Largest Study of its Kind Shows Outdated Password Practices are Widespread::undefined

  • 9point6@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Depends on the limit really, if the limit is 32 characters or something like that, definite red flag.

    If the limit is something like 250 or more characters, I’m more inclined to believe it’s basic protection from all the things that can go wrong when someone repeatedly POSTs whatever the maximum amount of garbage that your server’s request limit allows, at an API that performs cryptographic work.