Sorry, didn’t want this to look like an attack or disagreement. Just wanted to highlight that point, because arbitrary maximum sizes for passwords are a pet peeve of mine.
At least the character limit had a technical reason behind it: having a set size for fields means your database can be more efficient.
If that is the actual technical reason behind it, that is a huge red flag. When you hash a password, the hash is a fixed size. The size of the original password does not matter, because it should not be stored anyway.
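Added example, not part of the comment above: a salted scrypt record has the same byte length for an 8-character and a 4096-character password, so a fixed-width database column constrains the stored record, not the password. The scrypt parameters, salt length and function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the thread).
SALT_LEN = 16
DIGEST_LEN = 32
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=DIGEST_LEN)
RECORD_LEN = SALT_LEN + DIGEST_LEN  # width a fixed-size column would need


def make_record(password: str) -> bytes:
    """Return salt || scrypt(password, salt); the password itself is never stored."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt + digest


def verify(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    if len(record) != RECORD_LEN:
        return False
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, stored)


def record_sizes(passwords):
    """Stored record length for each password, regardless of its own length."""
    return [len(make_record(p)) for p in passwords]


if __name__ == "__main__":
    # Constructed sample passwords of very different lengths.
    samples = ["hunter2!", "x" * 64, "correct horse " * 300]
    for pw, size in zip(samples, record_sizes(samples)):
        print(f"password length {len(pw):>5} -> stored record {size} bytes")
```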
So his “crime” that you want to punish him for is that he improved things in a way that made sense in the context of his time instead of looking decades into the future and forcing a drastic change immediately long before society was anywhere near ready for it? Seriously?
It’s not like there was nothing at all in that space before git came along, e.g. we had svn before, and mercurial more or less in parallel.
A typical project manager will get a range, take the lower bound and communicate it as the only relevant number to every other stakeholder. When that inevitably does not work out, all the blame will be passed on to you unfiltered.
Depending on where you work it may or may not be worth giving someone new the benefit of the doubt, but in general it is safer to only ever talk about the upper bound and add some padding.