Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why don't sites allow longer passwords?
1 point by tibbon on June 28, 2011 | hide | past | favorite | 1 comment
I'm in the process of securing all of my online accounts using KeePassX to manage the passwords. Many sites (Reddit, Bank of America, Slashdot, etc) only allow 20 character passwords, yielding a 160-bit password. KeePassX suggests by default generating 25 character/200-bit passwords, which doesn't seem to be a bad idea.

It would seem to be a good idea to allow up to 100-character passwords, and I can't see there significant extra burden on the databases/sites to process them. Is there a reason for the 20-character limit that many sites impose?

It should be noted that HN allows 25-character passwords.




because their idiots




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: