• 0 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle

  • Setting a max password length is sometimes done to prevent ddos attacks. Without it, attackers could just spam 1MB passwords constantly and force the login server to just spend all its cpu time hashing garbage.

    That being said, a password limit of under 20 characters probably just means they are just storing passwords in plaintext.