It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.

That’s not a “strong” password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I’m talking government websites, not just forums. It seems crazy to me.

  • @some_guy@lemmy.sdf.org
    97 days ago

    Sixteen is the minimum where I work. We upped it at the end of last year. Fortunately, we also fixed our password policy to expire annually. It used to be every three months, which leads to recycling.

    • @jagged_circle@feddit.nl
      87 days ago

      NIST has recommended never having passwords expire for like 3 decades. You gotta get rid of that. It makes your org less secure.

      Probably best to just fire whoever set that up. They’re clueless

    • @sugarfoot00@lemmy.ca
      77 days ago

      There’s always recycling. Or changing that final character from a 1 to a 2, etc. The human brain just can’t handle the complexity otherwise.

      • teft
        27 days ago

        Use a couple words instead of letters, you’ll find it easier to remember and not use repeats. Bicycle Uber Pancake 4* should be more secure than some random bunch of letters you’ll forget.

        • Just use a password manager. No need to remember anything besides your master password. That works for pretty much everything, except I guess computer logins.

          • teft
            37 days ago

            Well yes everyone should use a password manager but some people can’t load a password manager onto their work computer and therefore are more likely to use non-random passwords. It’s easier to remember a passphrase than a random password.