this post was submitted on 30 May 2025
115 points (99.1% liked)

privacy

4296 readers
72 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 3 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
115
What is it with websites restricting passwords to 8 - 16 characters? Is there some technical limitation to their system?? (lemmy.ca)
submitted 3 days ago by [email protected] to c/[email protected]
83 comments fedilink hide all child comments
 

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 3 days ago (1 children)

There is no excuse for a max password length of 16, that’s just terrible.

I get your point above, and the reason I hate short passwords is that I use passphrases. They are not only easier to type in, but long passphrases of 4+ words (plus a few extra characters and a number) are considerably more secure than the "best" 16-character password made up of random characters.

Per your problem above, is this why some sites send you a 2FA code before asking for your password? To avoid that potential DOS attack?

[–] [email protected] 4 points 3 days ago (1 children)

Yes in your specific scenario, you are righr. But if you even the playing field, apples to apples. If you have 4 words of each 4 letters plus random char at the ebd, lets say equating to 20 characters in total, a random 20 character password is better. Words/phrases are now commonly added to bruteforce attacks unlike before. Use an good password plus a 2fa that isnt sms or email for best protection, or dump passwords if you can for hardware keys.

[–] [email protected] 2 points 2 days ago

˙˙˙ɐuuoפ ɹǝʌǝN