sdelements / lets-chat

Self-hosted chat app for small teams
http://sdelements.github.io/lets-chat
MIT License
9.78k stars, 1.58k forks

Password length warning #440

Open snorberhuis opened 9 years ago

snorberhuis commented 9 years ago

Currently, the maximum password length is 64, enforced by the maximum length of the input field for your new password. This is also the default in the regex for the password format. But no warning is given if you exceed this length using a paste command, and only the first 64 characters are used. The login input field does not have a maximum input length.

If you use paste commands to enter the password during registration, then you cannot log in after registering, because the whole password is used when signing in. This is common behaviour when you use, for example, a password manager like pass and generate a password longer than 64 characters.

A warning during registration that the length is exceeded would be good, or better, larger password lengths.

sibartlett commented 9 years ago

We should probably remove the limitation on password length.

hhaidar commented 9 years ago

@sibartlett +1
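
The mismatch reported in this issue, and the two remedies proposed in the thread, as an added example that is not lets-chat code. The function names, the Map used as an account store and the sample password are constructed for illustration; only the 64-character limit comes from the issue.

```javascript
// Added illustration; a model of the reported behaviour, not lets-chat code.
const MAX_LEN = 64; // limit named in the issue

// An <input maxlength=N> keeps only the first N characters of pasted text.
// maxLength === undefined models a field with no limit (the login field).
function fieldValue(pasted, maxLength) {
  return maxLength === undefined ? pasted : pasted.slice(0, maxLength);
}

// policy(pasted, submitted) returns an error string or null.
// The Map stands in for the account store; a real server keeps a password
// hash, but only equality of the submitted strings matters here.
function register(store, user, pasted, maxLength, policy) {
  const submitted = fieldValue(pasted, maxLength);
  const error = policy(pasted, submitted);
  if (error) return { ok: false, error };
  store.set(user, submitted);
  return { ok: true, error: null };
}

function login(store, user, pasted) {
  return store.has(user) && store.get(user) === fieldValue(pasted, undefined);
}

const acceptSilently = () => null; // behaviour reported in the issue
const warnOnOverflow = (pasted, submitted) => // warning the issue asks for
  pasted.length > submitted.length
    ? `Password is longer than ${MAX_LEN} characters` : null;

function runScenarios(password) {
  const out = {};
  const cases = {
    silent: [MAX_LEN, acceptSilently],      // truncate without warning
    warned: [MAX_LEN, warnOnOverflow],      // refuse and tell the user
    unlimited: [undefined, acceptSilently], // length limit removed
  };
  for (const [name, [maxLength, policy]] of Object.entries(cases)) {
    const store = new Map();
    const reg = register(store, "alice", password, maxLength, policy);
    out[name] = { registered: reg.ok, error: reg.error,
                  loginOk: login(store, "alice", password) };
  }
  return out;
}

const generated = "x7".repeat(40); // constructed 80-character password
console.log(runScenarios(generated));
```

With the 80-character password, only the silent case registers an account that can never be logged into; the warned case fails visibly at registration, and the unlimited case round-trips.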