Been there. It’s somewhat ok if they do it consistently. E.g. registration and login form both allow more than 16 chars and then just truncate the password silently.
Worse is if the registration form does it, but the login form uses the full password you entered (or vice versa) and then the login fails because the password doesn’t match…
Been there. It’s somewhat ok if they do it consistently. E.g. registration and login form both allow more than 16 chars and then just truncate the password silently.
Worse is if the registration form does it, but the login form uses the full password you entered (or vice versa) and then the login fails because the password doesn’t match…