Skaruts on 14/6/2023 at 11:22
Hi, I would just like to point out it would be nice if the password forms (for registering, changing password, etc) stated what the maximum allowed password length is (about 50 chars).
This would help prevent what just happened to me: I was changing password, and it turned out my new password was too big, but the form didn't complain at all, it just silently cut the password at the limit and accepted it. Then when I tried to log in, I couldn't. I suspect the log-in form has a different limit, or handles it differently.
So I had to reset my password again (I had just done it once, because I haven't been here in years), and try a new one. Fortunately it occurred to me that the problem might be the form limit, before I blindly tried a new password of the same length again, and I manually counted it.
Al_B on 15/6/2023 at 17:58
50 character is indeed the maximum length set by vbulletin when changing your password. I very much doubt many people are using a password or phrase over 50 characters but I agree that it shouldn't be inconsistent with actually logging in.
I've changed the header and the login forms to also limit the entry to 50 characters as well so although it won't actually use longer passwords you won't have the same discrepancy again in future if you do the same.
Skaruts on 15/6/2023 at 18:55
Thanks.
Although my main concern is that I think the limit ought to be stated in the forms as well, as it's not obvious by just looking at the text boxes.
Nameless Voice on 15/6/2023 at 22:17
50 characters isn't too bad a restriction (compared to some of the crazy ones I've seen on badly-designed sites), but it's still relatively easy to get longer when using a passphrase of 6 words or more instead of a password.
Using passphrases instead of passwords has become popular since (
https://xkcd.com/936/) XKCD #936.
