Return to Answer

	2	fix linkrot source \| link	edit approved Jun 5 '14 at 1:29 Josh 1034
inline side-by-side side-by-side markdown If they store it in plaintext or encrypted plaintext, then that's probably the maximum value that can be stored in the DB. On the other hand one should get as far as possible from these sites To avoid DOS attacks. This is usually if they have a very high limit, like 512 or 1024 bytes To comply with regulations that are actually made by people not knowing anything about IT security For legacy reasons, as Tom Leek has pointed out Btw. here is a (historical) list of high ranking sites having maximum password lengths: https://defuse.ca/password-policy-hall-of-shame.htm http://web.archive.org/web/20130907182806/https://defuse.ca/password-policy-hall-of-shame.htm If they store it in plaintext or encrypted plaintext, then that's probably the maximum value that can be stored in the DB. On the other hand one should get as far as possible from these sites To avoid DOS attacks. This is usually if they have a very high limit, like 512 or 1024 bytes To comply with regulations that are actually made by people not knowing anything about IT security For legacy reasons, as Tom Leek has pointed out Btw. here is a list of high ranking sites having maximum password lengths: https://defuse.ca/password-policy-hall-of-shame.htm If they store it in plaintext or encrypted plaintext, then that's probably the maximum value that can be stored in the DB. On the other hand one should get as far as possible from these sites To avoid DOS attacks. This is usually if they have a very high limit, like 512 or 1024 bytes To comply with regulations that are actually made by people not knowing anything about IT security For legacy reasons, as Tom Leek has pointed out Btw. here is a (historical) list of high ranking sites having maximum password lengths: http://web.archive.org/web/20130907182806/https://defuse.ca/password-policy-hall-of-shame.htm

	1	source \| link	answered Mar 30 '13 at 21:52 SztupY 60149
If they store it in plaintext or encrypted plaintext, then that's probably the maximum value that can be stored in the DB. On the other hand one should get as far as possible from these sites To avoid DOS attacks. This is usually if they have a very high limit, like 512 or 1024 bytes To comply with regulations that are actually made by people not knowing anything about IT security For legacy reasons, as Tom Leek has pointed out Btw. here is a list of high ranking sites having maximum password lengths: https://defuse.ca/password-policy-hall-of-shame.htm

Technology			Life / Arts	Culture / Recreation	Science	Other
Stack Overflow Server Fault Super User Web Applications Ask Ubuntu Webmasters Game Development TeX - LaTeX	Programmers Unix & Linux Ask Different (Apple) WordPress Development Geographic Information Systems Electrical Engineering Android Enthusiasts Information Security	Database Administrators Drupal Answers SharePoint User Experience Mathematica Salesforce ExpressionEngine® Answers more (13)	Photography Science Fiction & Fantasy Graphic Design Movies & TV Seasoned Advice (cooking) Home Improvement Personal Finance & Money Academia more (9)	English Language & Usage Skeptics Mi Yodeya (Judaism) Travel Christianity Arqade (gaming) Bicycles Role-playing Games more (21)	Mathematics Cross Validated (stats) Theoretical Computer Science Physics MathOverflow Chemistry Biology more (5)	Stack Apps Meta Stack Exchange Area 51 Stack Overflow Careers

site design / logo © 2016 Stack Exchange Inc; user contributions licensed under cc by-sa 3.0 with attribution required

rev 2016.6.21.3688

Information Security Stack Exchange works best with JavaScript enabled