this post was submitted on 30 May 2025

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

[–] [email protected] 15 points 1 week ago (9 children)

It’s usually shoddy (or intended?) coding that only allows a 16 byte length for the password. One character equals one byte of memory so my guess is they only allocated 16 bytes of space for the password. The irony is NIST 2025 recommendations argue for AT LEAST 15 characters for passwords.

[–] tleb 21 points 1 week ago (1 children)

> One character equals one byte of memory so my guess is they only allocated 16 bytes of space for the password.

This is true for storing text in general, but passwords aren't supposed to be stored as text; they should be hashed. The size of the hash will depend on the hashing algorithm. In other words, if there's a database limitation for the size of a password, it probably means they're storing the password in plaintext 💀

More likely than not it's just some poorly designed validation

[–] [email protected] 4 points 1 week ago

Yea, you are correct. The database size should be based on the hashing algorithm.
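The point made in the comments above, that a hashed password takes the same storage whatever its length, shown as an added example that is not part of the thread. The choice of PBKDF2-HMAC-SHA256, the iteration count, the length limits and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware
SALT_LEN = 16         # bytes of random salt stored with each digest
MIN_LEN = 8           # hypothetical policy values for this example
MAX_LEN = 256         # generous cap, present only to bound hashing cost per request


def validate(password: str) -> bool:
    """Length policy is applied to the input, never derived from column width."""
    return MIN_LEN <= len(password) <= MAX_LEN


def hash_password(password: str) -> bytes:
    """Return salt || digest. SHA-256 output is 32 bytes, so this is always 48."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(digest, expected)


def stored_sizes(passwords):
    """Pair each input's UTF-8 byte length with the size of what gets stored."""
    return [(len(p.encode("utf-8")), len(hash_password(p))) for p in passwords]


# Constructed sample inputs: short, long, and non-ASCII (more than 1 byte per char).
SAMPLES = ["Ab3$xY9!", "correct horse battery staple " * 4, "pässwörd-ünïcode-" * 3]

if __name__ == "__main__":
    for in_bytes, out_bytes in stored_sizes(SAMPLES):
        print(f"{in_bytes:>4} input bytes -> {out_bytes} bytes stored")
```

A fixed-width binary column of 48 bytes holds every record here, so a 16-character maximum cannot be explained by storage when passwords are hashed.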
