114

What is it with websites restricting passwords to 8 - 16 characters? Is there some technical limitation to their system?? (lemmy.ca)

submitted 4 days ago by [email protected] to c/[email protected]

83 comments fedilink hide all child comments

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

you are viewing a single comment's thread
view the rest of the comments

[-] [email protected] 21 points 4 days ago

One character equals one byte of memory so my guess is they only allocated 16 bytes of space for the password.

This is true for storing text in general but passwords aren't supposed to be stored as text, they should be hashed. The size of the hash will depend on the hashing algorithm. In other words, if there's a database limitation for the size of a password, it probably means they're storing the password plaintext 💀

More likely than not it's just some poorly designed validation

[-] [email protected] 4 points 4 days ago

Yea, you are correct. The database size should be based on the hashing algorithm.

this post was submitted on 30 May 2025

114 points (98.3% liked)

privacy

4345 readers

1 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

community.nicfab.it/c/privacy

founded 3 years ago

MODERATORS

[email protected]