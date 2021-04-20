James_Hibbard: James_Hibbard: Lol, right. And what is the rationale for limiting a password to 20 characters? (genuinely curious if someone knows the answer)

Usually because they stick the password into a fixed length varchar in the database. Mind you if they do their proper hashing and know the output length, shouldn’t be an issue either, but if they roll their own or don’t know the final length, they may just hack it off at a certain length. That is my guess.

TechnoBear: TechnoBear: Or, indeed, limiting the available special characters?

And this because sometimes they are lazy and some special characters, if not properly handled, can lead to injections or inadequate pattern matching. I mean I can see parenthesis, semicolons, commas all being problematic. They are probably just saying “Hell with handling all that, these are all you get to use”.