Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Ashelyn
    link
    fedilink
    English
    arrow-up
    23
    ·
    edit-2
    3 months ago

    Years back, I had that happen on PayPal of all websites. Their account creation and reset pages silently and automatically truncated my password to 16 chars or something before hashing, but the actual login page didn’t, so the password didn’t work at all unless I backspaced it to the character limit. I forgot how I even found that out but it was a very frustrating few hours.