Hacker News new | past | comments | ask | show | jobs | submit login

The only reason I can figure why anyone would do that is if at some point the password in the db was a varchar with a length and then they changed it but didn't change the frontend - big isolated development team problems.

afaik, passwords are not stored in databases. Only the hash of the password is stored. The database doesn't know and doesn't care about the length of the password.

A human has to do the work to turn the password string into a hash and store the hash. At some point in time (or now, even), it's probable that they ... didn't hash the password.

Either the password or the hash of the password is stored, which it is depends on the age of the application, the skills of the developers and probably other factors that do not readily spring to mind.

However I am quite certain that not every solution has hashes of the password stored because every now and then I still get sites that tell me the password I chose has disallowed characters in it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact