this post was submitted on 30 May 2025
115 points (98.3% liked)


It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

[–] some_guy 10 points 2 weeks ago (2 children)

Sixteen is the minimum where I work. We upped it at the end of last year. Fortunately, we also fixed our password policy to expire annually. It used to be every three months, which leads to recycling.

[–] jagged_circle@feddit.nl 8 points 2 weeks ago (1 children)

NIST has recommended never having passwords expire for like 3 decades. You gotta get rid of that. It makes your org less secure.

Probably best to just fire whoever set that up. They're clueless.

[–] filcuk@lemmy.zip 3 points 2 weeks ago

These policies typically come from top management. They'd have to fire themselves.

[–] sugarfoot00@lemmy.ca 7 points 2 weeks ago (1 children)

There's always recycling. Or changing that final character from a 1 to a 2, etc. The human brain just can't handle the complexity otherwise.

[–] teft@lemmy.world 2 points 2 weeks ago (1 children)

Use a couple words instead of letters, you’ll find it easier to remember and not use repeats. Bicycle Uber Pancake 4* should be more secure than some random bunch of letters you’ll forget.

[–] sugar_in_your_tea@sh.itjust.works 4 points 2 weeks ago (1 children)

Just use a password manager. No need to remember anything besides your master password. That works for pretty much everything, except I guess computer logins.

[–] teft@lemmy.world 3 points 2 weeks ago (1 children)

Well yes everyone should use a password manager but some people can't load a password manager onto their work computer and therefore are more likely to use non-random passwords. It's easier to remember a passphrase than a random password.

[–] sugar_in_your_tea@sh.itjust.works 2 points 2 weeks ago (1 children)

Fortunately, we force everyone to use a password manager at my company. SSO all the things!

[–] Kazumara@discuss.tchncs.de 1 points 2 weeks ago

We got SSO systems too, unfortunately, there are about 3 of them, lol. The old ADFS, the current Microsoft login (possibly cloud AD, not sure), and our own ID product that we offer to customers.