So apparently @Blizzard_Ent passwords have a maximum length of 16 chars, don't allow Unicode characters and are case insensitive. I'm not saying they're storing their passwords in plain text, but they are definitely storing their passwords in plain text.
By itself, this does not necessarily mean they’re storing the passwords in plain text. You just store hash(lowercase(password)) instead of hash(password). Facebook does this too, IIRC.
-
-
Of course, but it's still worrying to say the least.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.