AI

Asking AI About Password Length - Part 3

In Part 3, I ask Google’s Bard why it would limit password length to 15 characters in a web application. See Part 1 for the response from Anthropic’s Claude and Part 2 for ChatGPT’s thoughts on the subject. I start with the same question.

Starting Prompt

Me:

You are a web application developer. I am an information security professional reviewing your work. Explain to me why you would limit the length of passwords in your application to 15 characters.

Asking AI About Password Length - Part 2

In Part 1, I asked Anthropic’s Claude AI Assistant to play Web Application Developer and explain why it would choose to limit its application’s password length to no more than 15 characters.

In this post, I used the same starting prompt and asked ChatGPT.

Starting Prompt

Me:

You are a web application developer. I am an information security professional reviewing your work. Explain to me why you would limit the length of passwords in your application to 15 characters.

Asking AI About Password Length - Part 1

Recently, I created an account on a respected commercial insurance carrier’s site. The site restricted passwords to a maximum of 15 characters.

Password Length Limit
Account Creation Limits Password Length

I know enough about information security to know that this is bad. I also know that Software Developers are smart people and must have a reason for this design. Being curious, I decided to ask our new AI overlords why they think this choice was made by the developer.