Passwords are limited to 20 characters.

Description

Passwords "must be between 8 and 20 characters". 20 is too few for a decent passphrase.

There should be no need for such a low upper limit

  • it won't take any extra space in the database since all password hashes will be the same length

  • if the speed to generate a hash is an issue, surely it would only become so at something over 100 characters.

Environment

Observed this on password reset form in translate.zanata.org

Status

Assignee

Alex Eng

Reporter

David Mason

Tested Version/s

None

Components

Sprint

None

Fix versions

Affects versions

server-3.7.0

Priority

Medium