115

What is it with websites restricting passwords to 8 - 16 characters? Is there some technical limitation to their system?? (lemmy.ca)

submitted 1 week ago by Showroom7561@lemmy.ca to c/privacy@lemmy.ca

83 comments fedilink hide all child comments

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

you are viewing a single comment's thread
view the rest of the comments

[-] sugar_in_your_tea@sh.itjust.works 2 points 1 week ago

Which is dumb because passwords should be treated as opaque bytes then salted and hashed. If your code breaks due to invalid unicode, your code is broken.

[-] jagged_circle@feddit.nl 1 points 1 week ago

No. If you're salting and hashing your passwords, you're doing it wrong.

We have password specific memory hard functions like argon that you should be using

this post was submitted on 30 May 2025

115 points (98.3% liked)

privacy

4564 readers

26 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

community.nicfab.it/c/privacy

founded 3 years ago

MODERATORS

QuentinCallaghan@sopuli.xyz

Kokomheart@lemmy.ca

altair222@beehaw.org