from here and here |
All the comments I've seen about this so far have assumed this was about end users, which is fair because most people are end users so of course they would see if from that perspective. In reality, though, this is about system designers/architects. You know, the people who make sites and are supposed to hash your password rather than storing the plain text (or reversibly encrypted) version of it? Yeah, if that site says your password is too long it means they aren't hashing the passwords and so are doing it wrong.