It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.
That’s not a “strong” password, random characters or not.
Is there a limitation that somehow prevents these sites from allowing more than 16 characters?
I’m talking government websites, not just forums. It seems crazy to me.
Passwords should be hashed to a fixed length. Character limit implies clear text passwords are stored.
What if the pass is only temporarily stored in a db table, then instantly hashed and dropped? Obviously, I’m no db admin. :(
Best practice is never to store a password in the clear.