Why do so many companies and people say that your password has to be so long and complicated, just to have restrictions?
I am in the process of changing some passwords (I have peen pwnd and it’s the password I use for use-less-er sites) and suddenly they say “password may contain a maximum of 15 characters“… I mean, 15 is long but it’s nothing for a password manager.
And then there’s the problem with special characters like äàáâæãåā ñ ī o ė ß ÿ ç just to name a few, or some even won’t let you type a [space] in them. Why is that? Is it bad programming? Or just a symptom of copy-pasta?
Banks are the worst in this, the one website that should have secure passwords uses standards so low that KeePass can’t even go so low. I have to use a password I can remember, which may not actually be of a low standard but is in this case, considering it’s only 10 chars.
Banks are the single industry most likely to be handing the passwords over to a 1970s mainframe that expects everything to be encoded in EBCDIC at some point in the validation sequence.
This is an explanation, not an excuse.
That’s the digital equivalent to the key under the rock, but it’s the only rock on your porch.