14
Password limit is set to 60 characters
(programming.dev)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 24 Sep 2023
14 points (85.0% liked)
Thunder App
2706 readers
19 users here now
An open-source, cross-platform Lemmy client for iOS and Android.
This community is intended to discuss features and feature suggestions for Thunder; as well as friendly, respectful talks about Lemmy in general.
Please use the GitHub repository linked below to submit bug reports, so keeping track of them is easier, and make sure to search first if you already can find an issue for your report.
If there are any developers who would like to contribute, feel free to reach out on GitHub!
General Links
Website: Link
GitHub Repository: Link
Matrix Space: Link
Android Releases
IzzyOnDroid: Link
Google Play: Link
iOS Releases
Apple App Store: Link
TestFlight Beta: Link
Related Communities
Nightly Community: Link
founded 1 year ago
MODERATORS
Mine is 100+. As far as I remember, there is no limit set for admin passwords.
So what I have noticed is 60 is the max according to the source code, but if you use a password manager that fills the field in for you, the browser in my case Firefox, ignores the limit and accepts the full length password.
Gotcha, well admin passwords are created without using the interface, so it would not be affected by the frontend limits anyway.
Hey there, like others have mentioned, I think this is a limitation on lemmy's end which limits the password length up to 60 characters.
This is the source code for lemmy's backend if you're curious. If you think this is not the case, feel free to create a new issue on GitHub and we can take a further look into this! Let me know if you need any more clarification :D
I think that check must be bypassed for admin passwords, or it was instituted after I created programming.dev, because my password is 100 characters and I can log in on every other app perfectly fine. Even if that was the limit, it still should be enforced by the backend on login, not on the frontend, except for maybe initial account creation.
That could be a possibility - we can do some tests to verify if that’s the case. I found this related issue which might indicate that all auth flows through the same logic.
Unfortunately, that might not be the case. Dessalines mentioned in this comment that the backend doesn’t truncate overly long passwords, and throws an error instead. Although, as you mentioned, this might be bypassed for admin users.
Either way, I think we can take a deeper look at this and verify this information! Feel free to create a new issue for this on GitHub if you’re able to so that we can track this issue better.