Small rant incomming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend I’d assume. It’s bad enough I gotta make a million accounts when applying to jobs but then you got my PII sitting behind such terrible password requirements it makes me wonder where else they are cutting corners on security.

  • graycube@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    21 hours ago

    If you allow unlimited length inputs of any kind, someone will break your system. 11 is way too short. But you do need some sort of maximum, even if it is very large.

    • invertedspear@lemm.ee
      link
      fedilink
      arrow-up
      14
      ·
      15 hours ago

      If you’re storing the password in the form the user entered it, you’re doing it wrong already.

      • graycube@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        10 hours ago

        Even if you aren’t storing it, if you allow unlimited length someone will break your stuff.