Should I have a maximum password length?

You should hash the passwords using a secure algorithm instead of storing them in clear text. The hash function will produce a constant output size regardless of the length of the input string.

Using a minimum length and perhaps some other quality rules is a good idea because it helps a little against laziness.

If you are afraid of Denial of Service attacks, you could put a server-side limit for ordinary input fields into place, for example 1000 bytes. It's unlikely that someone wants to use such a long password.


My recommendation: 1,024 bytes.

The limitation on password sizes is a limitation that existed for reasons of obsolete technical requirements. Modern password storage should rely on hashing, which makes the password storage field a fixed size regardless of the password length. We don't want to see 1 MB passwords, as that would simply indicate somebody trying to cause a denial of service. I don't think I'll ever see a human use a 1,024-character (or longer) password. I think that's a small enough value to prevent any real DoS and a high enough value to never be reached in any reasonable circumstance.


It depends on the message digest function you use. For the majority (SHA-256, even MD5, SHA-1, etc.) it doesn't matter. However, if you are using bcrypt it does: bcrypt has a 55-char limit. So if your salt is 27 bytes, you can have a password of 28 bytes.

On a side note, CWE-521 does require that you have a max password length. However, it doesn't state the max, and from a security perspective I don't see any reason why it could be 512 KB or more.
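The policy the answers above converge on (a minimum length, a server-side byte cap around 1 KB, and a fixed-size hash so storage never depends on input length) as an added example, not code from any of the answers; the limits, the PBKDF2-HMAC-SHA256 choice and the 16-byte salt are this example's assumptions:

```python
import hashlib
import hmac
import os
from typing import Optional

MIN_CHARS = 8            # quality rule against laziness (assumed value)
MAX_BYTES = 1024         # server-side DoS guard, as recommended above
PBKDF2_ITERATIONS = 600_000
SALT_LEN = 16


def password_ok(password: str) -> bool:
    """Apply the length policy. The cap is measured on the UTF-8 encoding,
    because a request-size guard cares about bytes, not characters."""
    if len(password) < MIN_CHARS:
        return False
    return len(password.encode("utf-8")) <= MAX_BYTES


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || digest: always SALT_LEN + 32 bytes, whatever the input length."""
    if not password_ok(password):
        raise ValueError("password violates length policy")
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Re-derive with the stored salt; reject over-long input before doing any work."""
    if not password_ok(password):
        return False
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)
```

The policy check runs before the key derivation on both registration and login, so an oversized submission is rejected without spending any hashing effort on it.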