Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have a custom module that has:
function custom_global_form_alter(&$form, $form_state, $form_id) {
switch ($form_id) {
case 'user_login_block':
$form["pass"]["#maxlength"] = 128; // Originally 60
break;
}
}
However, this seems to not matter anymore since logintoboggan has hardcoded 30 char max passsword and it is very difficult to recreate more hooks/fucntions in my custom module to account for this. How come logintoboggan hardcodes a limit in length for password? I would prefer to establish 128 char or even 256 char password lengths.
Comments
Comment #1
hunmonk CreditAttribution: hunmonk commentedi've done more research on password security recently, and i agree this is not a sensible limit. it's been removed from the 5.x-1.x-dev, 6.x-1.x-dev, and 7.x-1.x-dev branches.