The number of times I've gone through that only to have it fail without explanation when I exceed the length limit - forcing me to guess if that must be the issue - is FAR higher than it should be.
And fuck any system that doesn't provide the criteria up front.
Also fun is when the field to initially set the password is also character limited and you choose a password that’s longer than the field but don’t notice until you’ve set it and get repeated login failures afterward
Yeah that nearly makes me want to smash something when it happens. Anyone that silently truncates passwords should NOT do it, or at least truncate the creation AND login forms. Just say the limit and give a error, or handle extra input the way you're supposed to in the enceyption algorithm and hash it to to the correct length. A length limit of say, the amount of bits the encryption key has, like 32/64/128 chracters for 256/512/1024 bit, is reasonable, any other limit is stupid.
The number of times I've gone through that only to have it fail without explanation when I exceed the length limit - forcing me to guess if that must be the issue - is FAR higher than it should be.
And fuck any system that doesn't provide the criteria up front.
Also fun is when the field to initially set the password is also character limited and you choose a password that’s longer than the field but don’t notice until you’ve set it and get repeated login failures afterward
Yeah that nearly makes me want to smash something when it happens. Anyone that silently truncates passwords should NOT do it, or at least truncate the creation AND login forms. Just say the limit and give a error, or handle extra input the way you're supposed to in the enceyption algorithm and hash it to to the correct length. A length limit of say, the amount of bits the encryption key has, like 32/64/128 chracters for 256/512/1024 bit, is reasonable, any other limit is stupid.