
Why does it matter to the user how many characters are in the password? Xe never interacts with that string directly anyway; and password _length_ strongly correlates with password _strength_. 16 is way, way too low - the rainbow tables for this size are already widely available, and most sites still go for the lowest security possible (single password hash, unsalted).



I go for 64 as a default length, but it's surprising how many sites respond with "No! You can't have more than 8/10/12 characters or I'll sulk!" Makes me extremely suspicious re: just how they're storing them.



