Why do so many companies and people say that your password has to be so long and complicated, just to have restrictions?

I am in the process of changing some passwords (I have peen pwnd and it’s the password I use for use-less-er sites) and suddenly they say “password may contain a maximum of 15 characters“… I mean, 15 is long but it’s nothing for a password manager.

And then there’s the problem with special characters like äàáâæãåā ñ ī o ė ß ÿ ç just to name a few, or some even won’t let you type a [space] in them. Why is that? Is it bad programming? Or just a symptom of copy-pasta?

    • janAkaliEnglish
      110 months ago

      While most of the time, I remember my password, I know I could just snap and forget it right there at any point. Happened to me not once. And I’m in my 20s. Sometimes when I forget a password, I just start typing and muscle memory kicks in, sometimes it doesn’t. I guess our brains are not optimized to store long random strings of characters. You could use a long sentence as your master password or do as I do:

      Come up with a way to make up a long seemingly random password from a couple words. Then if/when you forget a password, just remember those words and reconstruct password from them.

      • Don’t use common dictionary words or anything from popular media, as it could be guessed by attackers.
      • You can write down algorithm on a piece of paper and keep it somewhere safe.
      • Words should be related but not directly:
        • two asteroid names - bad
        • asteroid name and it’s greek translation - bad
        • real city name and city name from a book - good
        • two words that both start with S and end with T - good
      • If you forget both words, you should be able to remember/look up at least one of them if you still remember how you came up with the word.