It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.

That’s not a “strong” password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I’m talking government websites, not just forums. It seems crazy to me.

  • tleb
    link
    fedilink
    arrow-up
    21
    ·
    6 days ago

    One character equals one byte of memory so my guess is they only allocated 16 bytes of space for the password.

    This is true for storing text in general but passwords aren’t supposed to be stored as text, they should be hashed. The size of the hash will depend on the hashing algorithm. In other words, if there’s a database limitation for the size of a password, it probably means they’re storing the password plaintext 💀

    More likely than not it’s just some poorly designed validation