In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

  • magic_lobster_party@fedia.io
    71·
    2 days ago

    What’s more frustrating is when the password creation page is silently cutting off too long passwords and don’t inform you about it.

    • neilb@lemmy.mlEnglish
      15·
      2 days ago

      There’s a site I use that does that on the password reset page, but not when logging in. So when using a long password it’s as if the reset never works. Took me ages to figure out what was going wrong.

    • jj4211@lemmy.worldEnglish
      7·
      2 days ago

      Back in the day, long time ago, Unix would do that, and limit user silently to 8 characters.

      Which then wasn’t great, but a good password would be hard to break even at only 8 characters with equipment of the time.

      We would do a cracking test against the user passwords periodically and ding users who got cracked. Well one user was shocked because they thought their 16 character password was super secure and there’s no way we would crack it. So we cited her password and she was shocked she went through so much trouble only for the computer to throw away half her awesome password.