Ask HN: Why don't sites allow longer passwords?
I'm in the process of securing all of my online accounts using KeePassX to manage the passwords. Many sites (Reddit, Bank of America, Slashdot, etc) only allow 20 character passwords, yielding a 160-bit password. KeePassX suggests by default generating 25 character/200-bit passwords, which doesn't seem to be a bad idea.
It would seem to be a good idea to allow up to 100-character passwords, and I can't see there significant extra burden on the databases/sites to process them. Is there a reason for the 20-character limit that many sites impose?
It should be noted that HN allows 25-character passwords.
1 comment
[ 3.5 ms ] story [ 12.1 ms ] thread