You need to ofc 'salt' users passwords ahead of hashing them in order to avoid with the ability to Recuperate the original password from the hash. $endgroup$Henrik supports the communityHenrik supports the Local community 10355 bronze badges $endgroup$ 3 $begingroup$ This is not whatsoever a good reason for anybody to limit the length of passwords.