114
submitted 6 days ago by [email protected] to c/[email protected]

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

you are viewing a single comment's thread
view the rest of the comments
[-] [email protected] 7 points 5 days ago

There’s no good reason today and in the future, period.

There are “experts” who still claim these, but they are based on a very dated recommendation from at least 15 - 20 years ago at this point. To some, such non-sensical requirements (by the fact that we should be storing passwords as hashes today) have become doctrine, rather than any fact based in reality.

And some users have been conditioned into thinking that these are good security practices as well, because governments and banks still make use of them, and these are the very organizations that should be the best-in-class when it comes to security. Some of these users become CEOs or product designers with more say than their IT and security experts in the company. The rest is history from there.

this post was submitted on 30 May 2025
114 points (98.3% liked)

privacy

4433 readers
62 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 3 years ago
MODERATORS