
Shout out to forms which error out with "Password too long! Must be at most ten characters. All from this subset of ASCII". Which seems especially popular with banks.



I suspect, somehow, that this is stupidity with the bank's processing core systems, which ... things are weird with financials.

They buy someone out, and now there are two systems. Glued together with duct tape. Then they release a new web product, or mobile app, or whatever, and that gets taped on too. Duct tape and spit all the way down, with everything eventually limited by the most broken part (if you're lucky).


Yeah, banks unfortunately have their opinionated checklists of “best practices”, also known as “what every other bank does”.


Very frustrating that any place where I can store code has way more security than what's more important to me: the place where I store my money. Financial companies still using SMS for 2FA!


Sometimes I can understand this because banks work with old software that just has these restrictions.

But modern apps: just give us Unicode support. And maybe a limit of 255 characters, but not less.


Noticed the other day BCrypt has a max input size of 72 bytes.


Ah, of course. My bad. I was thinking about other restrictions like usernames. For passwords there should not be any.


That's what I'm saying. Passwords should probably have a reasonable limit like 72 bytes.
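
Added example, not part of any comment in the thread: a Python sketch of why the 72-byte bcrypt limit mentioned above is a byte limit rather than a character limit, and of one common way to accept longer passphrases (SHA-256 plus base64 before bcrypt). The function names, the NFKC normalization step and the sample inputs are assumptions made for this illustration; no bcrypt library is called, and silent truncation is assumed as the behaviour being guarded against.

```python
import base64
import hashlib
import unicodedata

BCRYPT_MAX_BYTES = 72  # bcrypt input limit cited in the thread


def password_bytes(password: str) -> bytes:
    # NFKC-normalize first so the same passphrase typed on different
    # platforms encodes to the same bytes (a choice made for this example).
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def exceeds_bcrypt_limit(password: str) -> bool:
    # The limit is in bytes, so non-ASCII passwords reach it sooner.
    return len(password_bytes(password)) > BCRYPT_MAX_BYTES


def truncated_input(password: str) -> bytes:
    # What a silently truncating bcrypt binding would actually hash.
    return password_bytes(password)[:BCRYPT_MAX_BYTES]


def prehash_for_bcrypt(password: str) -> bytes:
    # SHA-256 then base64: always 44 ASCII bytes, no NUL bytes, so the
    # whole passphrase influences the value handed to bcrypt.
    digest = hashlib.sha256(password_bytes(password)).digest()
    return base64.b64encode(digest)


def report(password: str) -> dict:
    return {
        "characters": len(password),
        "utf8_bytes": len(password_bytes(password)),
        "over_limit": exceeds_bcrypt_limit(password),
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    long_a = "x" * 72 + "-first"
    long_b = "x" * 72 + "-second"
    print(report("\U0001F512" * 20))  # 20 characters, 80 bytes
    print(truncated_input(long_a) == truncated_input(long_b))
    print(prehash_for_bcrypt(long_a) == prehash_for_bcrypt(long_b))
```

A form that enforces the limit should count `utf8_bytes`, not characters; a form that prehashes can accept longer input without two passphrases that share their first 72 bytes verifying as the same password.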


Ran into this with TikTok "Creator Marketplace" (for buying ads), password limit of 20 characters... $200B company.



