What's standard minimal and maximal length of username, password and email?

+1  A: 

According to RFC 5321 (SMTP), "the maximum total length of a reverse-path or forward-path [an email address] is 256 octets [bytes]." Also, "the maximum total length of a user name or other local-part is 64 octets" and "the maximum total length of a domain name or number is 255 octets." (That's bytes, not characters; in Unicode, the difference matters.)

The length of usernames and passwords varies per system. If you're designing a web app that uses usernames and passwords, set your own limits. Keep in mind that too short passwords are potentially unsafe.

larsmans
+2  A: 

I have issues with this question, as it pre-supposes that there should be a standard, and that the values will be the same across all services.

I don't think it's useful to impose a maximum length for any of these fields, especially the password field. With password hashing, there's no space benefit from restricting password length. There may be cause to limit the minimum password length, but what the minimum should be depends on the security of the service.

With the email address, you can't guess how long an address your users will pick, nor how short: who are you to say that a.very.long.address@some.subdomain.of.makealongeremailaddress.com isn't valid, and conversely, that Twitter won't start selling email aliases on t.co?

Usernames are slightly more difficult to reason about, but again I'd argue that there's no benefit to restricting the length. If your service is likely to be popular, then (like Google) you may benefit from stopping the race to get the short vanity usernames, but especially if you're popular, there's no benefit to restricting the length and if you do then you may be stopping your users from finding a suitable name that's not already taken (cf "No-As-Big-As-Medium-Sized-Jock-But-Bigger-Than-Wee-Jock-Jock").

Andrew Aylett
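
The two points made in the answers above, as an added example that is not code from either answer: the RFC 5321 limits are checked in octets rather than characters, and a password hash has the same stored size whatever the password length. The function names, the sample addresses, the choice of PBKDF2-HMAC-SHA256 as the hash and the iteration count are assumptions made for illustration.

```python
import hashlib
import os

# Limits quoted in the first answer (RFC 5321), all counted in octets.
MAX_LOCAL_PART = 64
MAX_DOMAIN = 255
MAX_PATH = 256  # RFC 5321 counts the enclosing "<" and ">" as part of the path


def email_length_problems(address: str) -> list:
    """Return the RFC 5321 length limits that `address` exceeds (empty if none)."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return ["not of the form local-part@domain"]
    problems = []
    # Measure the UTF-8 encoding, not the character count.
    # Assumption: the domain is measured as typed, not in an IDNA-encoded form.
    if len(local.encode("utf-8")) > MAX_LOCAL_PART:
        problems.append("local-part over 64 octets")
    if len(domain.encode("utf-8")) > MAX_DOMAIN:
        problems.append("domain over 255 octets")
    if len(f"<{address}>".encode("utf-8")) > MAX_PATH:
        problems.append("path over 256 octets")
    return problems


def hash_password(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256 digest: 32 bytes whatever the password length.

    The iteration count is an illustrative value, not one taken from the page.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


if __name__ == "__main__":
    # Constructed sample inputs.
    ascii_addr = "a" * 64 + "@example.com"        # 64 characters, 64 octets
    unicode_addr = "\u00fc" * 40 + "@example.com"  # 40 characters, 80 octets
    print(email_length_problems(ascii_addr))
    print(email_length_problems(unicode_addr))
    salt = os.urandom(16)
    for pw in ("correct horse", "x" * 10_000):
        # Stored digest length is identical for both passwords.
        print(len(pw), len(hash_password(pw, salt)))
```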