Manual:$wgMaximalPasswordLength

From Linux Web Expert

<translate> User accounts, authentication</translate>: $wgMaximalPasswordLength
Specifies the maximal length of a user password.
<translate> Introduced in version:</translate>1.24.0 (Gerrit change 201220; git #63cf33d8)
<translate> Deprecated in version:</translate>1.26.0 (Gerrit change 206156; git #1a20dc93)
<translate> Removed in version:</translate>1.42.0 (Gerrit change 995047; git #2d66025f)
<translate> Allowed values:</translate>(nonnegative integer)
<translate> Default value:</translate>4096

Details

Specifies the maximal length of a user password.

It is not recommended to make this greater than the default, as it can allow DoS attacks by users setting really long passwords. In addition, this should not be lowered too much, as it enforces weak passwords.

File:OOjs UI icon notice-destructive.svg <translate> Warning:</translate> Unlike other password settings, user with passwords greater than the maximum will not be able to log in.

Since 1.26 deprecated in favor of $wgPasswordPolicy .

See also