I have a custom module that has:

function custom_global_form_alter(&$form, $form_state, $form_id) {
  switch ($form_id) {
    case 'user_login_block':
      $form["pass"]["#maxlength"] = 128; // Originally 60
      break;
  }
}

However, this seems to not matter anymore since logintoboggan has hardcoded 30 char max passsword and it is very difficult to recreate more hooks/fucntions in my custom module to account for this. How come logintoboggan hardcodes a limit in length for password? I would prefer to establish 128 char or even 256 char password lengths.

Comments

Title:30 char limit for passwordRemove 30 char limit for password
Status:Active» Fixed

i've done more research on password security recently, and i agree this is not a sensible limit. it's been removed from the 5.x-1.x-dev, 6.x-1.x-dev, and 7.x-1.x-dev branches.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.