I tried to fill the registration form with my login and password. After five attempts, each refused with message password too short or too long my frustration hit a limit.
First, I would like to know whether you claim my password as too short or too long.
Second, what's the point in limiting password length if it's hash has a fixed size, independent on password length? Or maybe you don't hash the passwords? Ekhm...
Advice: Do not put unreasonable constraints on user password. Simplifying password reduces safety and, hence, your credibility.
Observed at: www.rockserwis.pl
No comments:
Post a Comment