Absolutely, as I said I outsource all storing of credit card information to Auth... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		gommm on Dec 28, 2011 \| parent \| context \| favorite \| on: Specialforces.com Site Hacked Absolutely, as I said I outsource all storing of credit card information to Authorize.net. Storing them myself is not a responsibility that I would take lightly and I'm sure they'll do a better job than me. For passwords, while I do not force users to have secure passwords, I of course allow complex passwords (including 32 characters with any symbols and so on) because this is what I use and if there's one thing I hate, it's websites like my bank that force me to only use 6 numbers for the password.

pavel_lishin on Dec 28, 2011 [–]

Why only 32?

gommm on Dec 28, 2011 | [–]

That was just to take his example, I don't actually limit the length of passwords (although seeing http://stackoverflow.com/questions/3002828/bcrypt-says-long-... I should limit to 71 characters)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact