Comment by tshaddox

9 days ago

I bet the rationale would be "anything over 12 characters will be too hard to remember and people will just write down the password."

Until the late 2010s, the AD account password at my financial institution employer was capped at 12 characters because, for a subset of workers, AD creds were sync'ed to a mainframe application that could only support that many characters.

  • Sounds about right. One of Australia's big four banks had the online banking password requirement of exactly six characters for a long time - for similar reasons I assume.

I think we (whoever we is) should start normalizing the concept of passphrases; on sign-up screens they should show the benefits of a passphrase. I'm surprised that Google's PW generator does not use passphrases, and I don't know about iOS because I haven't tried theirs yet.

I started using passphrases after I saw this xkcd https://xkcd.com/936/

When I'm trying to log into something on a device that has a terrible keyboard, like a TV or giant touchscreen, it's a lot easier to type words I know than gibberish.