The usernames and passwords are stored in SQL databases, and the fields have a limit. For usernames, it's a bad decision to limit at something as low as 12 characters, but it's acceptable. Having a limit on password size usually means they are storing it in clear text instead of hashing it and storing the hash, which is really, really bad.
Yeah, but I would expect that they have the hardware to increase the field size. It's as simple as changing the field definition, e.g. varchar(25) instead of varchar(12). For the password length limit, is it possible that they are using tokenization? I am assuming not, and that it is simply plain text, or they check length first, then hash.
It's not a question of hardware, it's a question of bad developers.
True. I was implying that the reason they limited it was because they didn't have the hardware to support the total number of end users, but that's because I was being generous to the developers. In reality, you are most likely correct.