Ask HN: Why don't sites allow longer passwords?

1 points by tibbon ↗ HN
I'm in the process of securing all of my online accounts using KeePassX to manage the passwords. Many sites (Reddit, Bank of America, Slashdot, etc) only allow 20 character passwords, yielding a 160-bit password. KeePassX suggests by default generating 25 character/200-bit passwords, which doesn't seem to be a bad idea.

It would seem to be a good idea to allow up to 100-character passwords, and I can't see there significant extra burden on the databases/sites to process them. Is there a reason for the 20-character limit that many sites impose?

It should be noted that HN allows 25-character passwords.

1 comment

[ 3.5 ms ] story [ 12.1 ms ] thread