It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.

That’s not a “strong” password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I’m talking government websites, not just forums. It seems crazy to me.

  • Dr. WeskerEnglish
    55·
    8 days ago

    It’s informative. It informs you that you shouldn’t use the site, if possible. Because it’s also suggestive of poor security practices in general.

    • MelodiousFunk@slrpnk.net
      11·
      8 days ago

      Yeah, imagine my shock and disappointment when encountering such limitations signing up for credit monitoring (by one of the big 3). It’s not enough that my employer has a breach, no. But also finding out that one of the big players has some ridiculous 12 character alphanumeric password restriction. Absolute dogshit.

      • sugar_in_your_tea@sh.itjust.works
        3·
        7 days ago

        A random 12-character password should take years to crack. But they’re probably also storing it as plaintext, so no need to crack, just breach the DB (which is probably also insecure).