It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.
That’s not a “strong” password, random characters or not.
Is there a limitation that somehow prevents these sites from allowing more than 16 characters?
I’m talking government websites, not just forums. It seems crazy to me.
What if the pass is only temporarily stored in a db table, then instantly hashed and dropped? Obviously, I’m no db admin. :(
Best practice is never to store a password in the clear.