I have a custom module that has:

function custom_global_form_alter(&$form, $form_state, $form_id) {
  switch ($form_id) {
    case 'user_login_block':
      $form["pass"]["#maxlength"] = 128; // Originally 60

However, this seems to not matter anymore since logintoboggan has hardcoded 30 char max passsword and it is very difficult to recreate more hooks/fucntions in my custom module to account for this. How come logintoboggan hardcodes a limit in length for password? I would prefer to establish 128 char or even 256 char password lengths.


hunmonk’s picture

Title: 30 char limit for password » Remove 30 char limit for password
Status: Active » Fixed

i've done more research on password security recently, and i agree this is not a sensible limit. it's been removed from the 5.x-1.x-dev, 6.x-1.x-dev, and 7.x-1.x-dev branches.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.