Why do so many companies and people say that your password has to be so long and complicated, just to have restrictions?

I am in the process of changing some passwords (I have been pwnd and it’s the password I use for use-less-er sites) and suddenly they say “password may contain a maximum of 15 characters”… I mean, 15 is long but it’s nothing for a password manager.

And then there’s the problem with special characters like äàáâæãåā ñ ī o ė ß ÿ ç just to name a few, or some even won’t let you type a [space] in them. Why is that? Is it bad programming? Or just a symptom of copy-pasta?

  • janAkali
    English
    1
    edit-2
    10 months ago

    While most of the time, I remember my password, I know I could just snap and forget it right there at any point. Happened to me not once. And I’m in my 20s. Sometimes when I forget a password, I just start typing and muscle memory kicks in, sometimes it doesn’t. I guess our brains are not optimized to store long random strings of characters. You could use a long sentence as your master password or do as I do:

    Come up with a way to make up a long, seemingly random password from a couple of words. Then if/when you forget a password, just remember those words and reconstruct the password from them.

    • Don’t use common dictionary words or anything from popular media, as it could be guessed by attackers.
    • You can write down the algorithm on a piece of paper and keep it somewhere safe.
    • Words should be related but not directly:
      • two asteroid names - bad
      • asteroid name and its Greek translation - bad
      • real city name and city name from a book - good
      • two words that both start with S and end with T - good
    • If you forget both words, you should be able to remember/look up at least one of them if you still remember how you came up with the word.