It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.

That’s not a “strong” password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I’m talking government websites, not just forums. It seems crazy to me.

  • shalafi
    5 days ago

    This is it right here. The new system has to talk to the old database which has a character limit for that field. Untold amounts of money and effort would be required to update the back end.

    • Jakeroxs@sh.itjust.works
      4 days ago

      Too real, I know of a company that is changing a number from 8 to 9 digits and it’s estimated to cost around 230m to complete. Insanity.

    • tinkling4938@lemmynsfw.com
      4 days ago

      Passwords should be hashed to a fixed length. Character limit implies clear text passwords are stored.

      • shalafi
        4 days ago

        What if the pass is only temporarily stored in a db table, then instantly hashed and dropped? Obviously, I’m no db admin. :(
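
The point raised in the thread about hashing to a fixed length, as an added example that is not code from any commenter: the stored record has the same size for an 8-character and a 200-character password, so the database column width does not need to limit password length. The choice of scrypt, its parameters, the 1024-byte input cap and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the thread).
SALT_LEN = 16                      # random per-password salt, in bytes
HASH_LEN = 32                      # derived key length, in bytes
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)
MAX_PASSWORD_BYTES = 1024          # generous input cap, only to bound hashing work


def make_record(password: str) -> bytes:
    """Return salt || scrypt(password): always SALT_LEN + HASH_LEN bytes."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(raw, salt=salt, dklen=HASH_LEN, **SCRYPT_PARAMS)
    return salt + digest


def verify(password: str, record: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES or len(record) != SALT_LEN + HASH_LEN:
        return False
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    digest = hashlib.scrypt(raw, salt=salt, dklen=HASH_LEN, **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, expected)


def record_lengths(passwords):
    """Size of the stored record for each password, in bytes."""
    return [len(make_record(p)) for p in passwords]


if __name__ == "__main__":
    # Constructed sample passwords: one short, one far beyond 16 characters.
    samples = ["Ab3$efgh", "correct horse battery staple " * 5]
    print(record_lengths(samples))
```

The whole password feeds the hash, so two long passwords that share their first 16 characters still verify differently; nothing is truncated to fit a column.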