Skip to main content
Topic: Registration password length (Read 1083 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Registration password length

I registered recently, set my password the usual 99 chars random text (KeePassXC ftw), it was successful, tried to login, got something like "Password supplied is too long". After some trial and error I've found out the limit is 64 chars.

This should be written in the registration page, and an error displayed, if the user does use a longer password anyway, instead of accepting it.

I have no idea if the password got truncated, or malformed, as I have created a new password.

Re: Registration password length

Reply #1
This is the related entry of the members SQL table:
Code: [Select]
  `passwd` varchar(64) NOT NULL DEFAULT '',
Not unreasonable to be preparing for the quantum age, but I think the individual, corporate and state secrets stored in this forum don't need stronger protection.

Re: Registration password length

Reply #2
That length is perfectly fine by me, what is not is not displaying the needed max length, accepting the bad password and then the user having to find all that out at login. Even on login I had to go down by 10s, as the error message only said "too long", not a precise number.
 

Re: Registration password length

Reply #5
My personal password policy is also prepared for the stated quantum age  :D

I also created an account yesterday and used my default password length of 128 characters. After logging out and trying to log in again, I encountered this problem.

When I use the forgot password option to create a new password, no email arrives in my inbox 📬 to reset it. No, there is also no mail in the spam inbox  ;)