4 comments

[ 5.1 ms ] story [ 20.1 ms ] thread
My bank does the same bullshit, 8 characters alphanumeric at most.
Isn't there some initiative by now to actually educate people on proper password security?
This kind of thing drives me crazy. Why not allow special characters? The only conceivable reason is so that your app doesn't get SQL-injected or otherwise hijacked -- which is why God invented the character escape.

Limiting the number of chars as a security measure? I'd make fun of this but it's just too easy and stupid.

Don't know for sure, but I have a persistent suspicion that some people are passing unencoded passwords as shell arguments. It's the only explanation I can come up with.

Not that that makes it acceptable, of course -- or even any less astonishing.