114

What is it with websites restricting passwords to 8 - 16 characters? Is there some technical limitation to their system?? (lemmy.ca)

submitted 6 days ago by Showroom7561@lemmy.ca to c/privacy@lemmy.ca

83 comments fedilink hide all child comments

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

you are viewing a single comment's thread
view the rest of the comments

[-] some_guy@lemmy.sdf.org 10 points 6 days ago

Sixteen is the minimum where I work. We upped it at the end of last year. Fortunately, we also fixed our password policy to expire annually. It used to be every three months, which leads to recycling.

[-] jagged_circle@feddit.nl 8 points 5 days ago

NIST recommended to never have passwords expire since like 3 decades. You gotta get rid of that. It makes your org less secure.

Probably best to just fire whoever set that up. They're clueless

[-] filcuk@lemmy.zip 3 points 5 days ago

These policies typically come from top management. They'd have to fire themselves.

[-] sugarfoot00@lemmy.ca 7 points 6 days ago

There's always recycling. Or changing that final character from a 1 to a 2, etc. The human brain just cant handle the complexity otherwise.

[-] teft@lemmy.world 2 points 6 days ago

Use a couple words instead of letters, you’ll find it easier to remember and not use repeats. Bicycle Uber Pancake 4* should be more secure than some random bunch of letters you’ll forget.

[-] sugar_in_your_tea@sh.itjust.works 4 points 5 days ago

Just use a password manager. No need to remember anything besides your master password. That works for pretty much everything, except I guess computer logins.

[-] teft@lemmy.world 3 points 5 days ago

Well yes everyone should use a password manager but some people can't load a password manager onto their work computer and therefore are more likely to use non-random passwords. It's easier to remember a passphrase than a random password.

[-] sugar_in_your_tea@sh.itjust.works 2 points 5 days ago

Fortunately, we force everyone to use a password manager at my company. SSO all the things!

[-] Kazumara@discuss.tchncs.de 1 points 5 days ago

We got SSO systems too, unfortunately, there are about 3 of them, lol. The old ADFS, the current Microsoft login (possibly cloud AD, not sure), and our own ID product that we offer to customers.

this post was submitted on 30 May 2025

114 points (98.3% liked)

privacy

4487 readers

87 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

community.nicfab.it/c/privacy

founded 3 years ago

MODERATORS

QuentinCallaghan@sopuli.xyz

Kokomheart@lemmy.ca

altair222@beehaw.org