为什么要限制密码的长度? [英] Why restrict the length of a password?
问题描述
我刚刚注册了一个网站购买了一些商品,当我试图输入我(合理的安全)密码时,我被告知它太长了,我应该在5& 10个字符!这是什么意思?谁做这样的决定?当然理想的密码将是一个真正长而复杂的密码?为什么人们坚持试图限制您可以使用哪些类型的密码?
I've just signed up to a site to purchase some goods, and when I tried to enter my (reasonably secure) password I was informed it was too long, and that I should enter a password between 5 & 10 characters! What is the point in that? Who makes decisions like this? Surely the ideal password would be a really long and complicated one? Why do people insist on trying to restrict what types of passwords you can use?
您必须实现对网站的登录吗?是用于安全目的的登录(例如购买商品)。您对用户密码设置了什么限制(如果有)?
Have you had to implement a login to a website? Was the login for secure purposes (e.g. purchasing goods). What (if any) restrictions did you place on the user's password? What were your reasons for the decision?
推荐答案
限制密码大小是为了节省存储空间。它几乎表明你的密码被明显地存储在他们的数据库中,所以他们想限制它的大小。否则它只是一个限制,因为实现者不知道任何更好。
Restricting the size of a password is an attempt to save storage space. It pretty much indicates that your password is being stored plainly in their database, so they want to restrict its size. Otherwise it's just a restriction because the implementors don't know any better. Either way it's a bad sign.
您可能需要与网站管理员联系,并询问他们。他们应该存储散列,而不是密码,它们总是相同的大小,无论密码有多大。对您输入的密码大小以及您允许输入的字符范围确实没有限制。
You might want to contact the admins of the site and ask them about it. They should be storing hashes, not passwords, which are always the same size no matter how big the password is. There really should be no limit to the size of password you enter, nor the domain of characters you're permitted to input.
这篇关于为什么要限制密码的长度?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
