We’ve all been there.

  • OdinsonThor
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    All of those things can be verified before storing the password in any way, encrypted or not, and checking them would be a requisite before storing it.

    While it’s true that they don’t have a significant impact on the hash generated, they make it significantly more difficult for anyone to guess your password. It’s much easier to guess password321 than something like Or^9L%u&QQ12XxI@. And that has nothing to do with how the password is ultimately stored.

    • unixfreak@feddit.uk
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Of course, requiring at least one symbol or upper case letter etc is a good idea, along with a minimum length. Many websites won’t let you use a password longer than a certain amount of characters. The only reason for that limitation is that they are storing the database field as plaintext, and anything longer will not fit into that column.