Hacker News new | ask | show | jobs
by winkeltripel 2547 days ago
Think more along the lines of "they once had a mainframe in their infrastructure which stored passwords instead of hashes, which caused their requirements to limit the length of passwords to 20 characters, even if that system is no longer in use, or now uses hashes."
1 comments
Thorrez 2547 days ago
Sure, but that means that currently there's no reason to have the limit, except that they don't want to invest any effort to change it.
link