Why do so many companies and people say that your password has to be so long and complicated, just to have restrictions?
I am in the process of changing some passwords (I have peen pwnd and it’s the password I use for use-less-er sites) and suddenly they say “password may contain a maximum of 15 characters“… I mean, 15 is long but it’s nothing for a password manager.
And then there’s the problem with special characters like äàáâæãåā ñ ī o ė ß ÿ ç just to name a few, or some even won’t let you type a [space] in them. Why is that? Is it bad programming? Or just a symptom of copy-pasta?
Every time I find a site like this, I assume the programming is bad and the security is poor. (They don’t know how to sanitize input? They don’t know how to hash passwords?) It’s a good reason to use random passwords on every site for when that one is compromised.
What is “funny” is that I had the maximum password size thing on several bank websites (and a low one, at that). Fortunately, with 2FA, it doesn’t really matter I guess.