• 0 Posts
  • 1 Comment
Joined 1Y ago
cake
Cake day: Jun 12, 2023

help-circle
rss

Setting a max password length is sometimes done to prevent ddos attacks. Without it, attackers could just spam 1MB passwords constantly and force the login server to just spend all its cpu time hashing garbage.

That being said, a password limit of under 20 characters probably just means they are just storing passwords in plaintext.