[WEB SECURITY] Max size of a password

Pavol Luptak pavol.luptak at nethemba.com
Sat May 21 09:39:15 EDT 2011


On Fri, May 20, 2011 at 08:23:21AM -0700, Gautam wrote:
>    I was recently reviewing a internal document and noticed that the the
>    requirement for password mentioned that it should be minimum 7 characters
>    and maximum 14 characters.
>    While i was ok with the minimum, I was not ok with maximum 14 since I
>    believe that we should not put a restriction on the maximum and user can

Believe or not, but few months ago I had some problems with accessing to my
Internet banking (one new Slovak bank). It took me a lot of calls/emails to 
their support center and after many weeks they finally found out where is the 
problem - I set too long password (about 14-15 characters) and they simply do 
not support such long passwords :-) 

WTF? Is this possible in Internet banking environment? :)

[Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3609 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110521/0a769a2d/attachment.p7s>

More information about the websecurity mailing list