I've run into off-by-one issues in password length requirements in the past, so ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		syntheticnature on Dec 15, 2016 \| parent \| context \| favorite \| on: Yahoo discloses hack of 1B accounts I've run into off-by-one issues in password length requirements in the past, so if 32 characters is the stated maximum it might only be capable of 31 on the validation side.

KMag on Dec 17, 2016 [–]

That asymmetry in length support strongly suggests they're storing passwords in plain text.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact