HackerMeter Password Policy

I created an account on HackerMeter to see what the coding exercises looked like. I didn’t even finish creating my account before I was hit with a major disappointment:

A site meant to help rank hackers rejected my 40 character password. Violating this password policy is so bad they had to tell me twice. :-)

Perhaps they should add an exercise to code a password hashing mechanism that supports more than 30 characters. For reference, bcrypt supports up to 72 characters.

2 thoughts on “HackerMeter Password Policy”

  1. I’d read that previously and I like the approach. The 320k gzipped JavaScript is heavier than I’d like, but there ways of mitigating that.

    The bigger issue is still having overly restrictive password policies, on either the length or characters used. Never understood the logic of things like @ and !.

Leave a Reply

Your email address will not be published. Required fields are marked *