In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
It can also be just a randomly chosen limit. I work as a software engineer on a custom management software for a big client. For whatever reason until recently, the limit for email addresses in the master data was 50 characters. Why? No clue but someone had decided that randomly in the past. Now it was increased to 100. Why again? According to RFC 5321, a limit of 254 would be the most sensible one. But the people who come up with those requirements just don’t care. They decided it to be 100 from now on for no apparent reason.
Then we have many input fields that have a limit of 255 characters. Why not 256? Why such a weird number in general? The people who use this software in production are most likely not the ones who usually think in powers of two. So why not make it 250 or 300 or whatever?
Sometimes those limits are just arbitrary with no technical or logical reason to back them up. Which doesn’t make it less stupid, mind you.
255 chars + ‘\0’ = 256
Not weird at all.
I see your point, but we have Java backends and strings there are not null terminated. Also I’m very sure that those would never be the reason for our Postgres server to run out of storage, so I don’t get it why not make it more user friendly. We’re not implementing an embedded system where every byte of storage counts.
Agree, I was just commenting on why 255 in itself isn’t “weird”. I find myself doing comparisons of the “value == variable” type even in languages where you cannot assign by mistake. Some of us old farts code from muscle memory … :)