It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.

That’s not a “strong” password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I’m talking government websites, not just forums. It seems crazy to me.

  • jagged_circle@feddit.nl
    10 days ago

    They shouldn’t have been using salted hashes for a decade or more. Best is to use a memory-hard password hash function like Argon.

    • brisk@aussie.zone
      9 days ago

      Can you expand on this? My experience with Argon is looking up a Wikipedia page in response to this comment, but it looks like it uses a salt as an input?

      • jagged_circle@feddit.nl
        9 days ago

        It’s a password-specific function. It’s also memory-hard.

        As opposed to generating a salt and passing that with the password through sha256 or something, which is bad practice.
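
An added example, not part of any post in this thread: the two approaches being compared, side by side. It uses scrypt from Python's standard library as a stand-in memory-hard function because Argon2 needs a third-party package; the cost parameters and the record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (not from the thread): about 16 MiB per hash.
N, R, P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024  # upper bound handed to OpenSSL


def salted_sha256(password: str, salt: bytes) -> bytes:
    """The pattern called bad practice above: one fast hash over salt + password."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def hash_password(password: str) -> str:
    """Memory-hard hash. A random salt is still an input and is stored in the record."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=N, r=R, p=P, maxmem=MAXMEM, dklen=32)
    # Parameters travel with the hash so they can be raised later.
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters, then compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=n, r=r, p=p, maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    short = hash_password("hunter2")
    long_ = hash_password("correct horse battery staple " * 10)  # 290 characters
    # The stored record has the same size whatever the password length.
    print(len(short), len(long_))
    print(verify_password("hunter2", short), verify_password("hunter3", short))
```

The stored record is the same length for a 7-character and a 290-character password, so the hash itself gives no reason to cap passwords at 16 characters.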