I registered recently, set my password the usual 99 chars random text (KeePassXC ftw), it was successful, tried to login, got something like "Password supplied is too long". After some trial and error I've found out the limit is 64 chars.
This should be written in the registration page, and an error displayed, if the user does use a longer password anyway, instead of accepting it.
I have no idea if the password got truncated, or malformed, as I have created a new password.
This is the related entry of the
members SQL table:
`passwd` varchar(64) NOT NULL DEFAULT '',
Not unreasonable to be preparing for the quantum age, but I think the individual, corporate and state secrets stored in this forum don't need stronger protection.
That length is perfectly fine by me, what is not is not displaying the needed max length, accepting the bad password and then the user having to find all that out at login. Even on login I had to go down by 10s, as the error message only said "too long", not a precise number.
Agreed, perhaps you should poke the Elkarte developers.
https://github.com/elkarte/Elkarte/issues/3790
My personal password policy is also prepared for the stated quantum age :D
I also created an account yesterday and used my default password length of 128 characters. After logging out and trying to log in again, I encountered this problem.
When I use the forgot password option to create a new password, no email arrives in my inbox 📬 to reset it. No, there is also no mail in the spam inbox ;)