Protip: Web Developer Edition

If you’re going to limit your password field to 12 characters on your login page, you should probably also limit your password field to 12 characters on your registration page.

Related: As a general rule, if you’re going to have criteria for passwords, it’s probably best to let the user know that.

That way you don’t have someone who uses a password manager–like me–input a random 16 character password during registration, only to immediately have to use the “reset my password” feature because I can only put 12 of my 16 characters in the box.

1 comment to Protip: Web Developer Edition

  • David

    Why do so many web-based systems have such a pathetic max password length anyway? Is there perhaps a default strlen in apache/tomcat or something? What really blows my mind are the ones that require a minimum of 8, a max of (12, usually), and (insert other, stupid condition, like not starting with a number). It’s obvious they’re doing it wrong with regards to password storage.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>