It seems that I run into this situation every week…
I go to a website, sign up for an account, and my password gets rejected with the message “Your password contains too many characters, a maximum of X is allowed”, where X is whatever small character limit has been set on the password system.
Low character passwords are a security threat
Listen up developers & system admins! Your puny character limitation for passwords is NOT cool. We live in an age of identity theft, information theft, hackers and a constant barrage of threats to information security. Why in the HELL would you make a low maximum character limitation rule for passwords, when it makes them easier to guess/crack/steal/hack?
All sites should allow passwords 12 characters long at a MINIMUM. Allowing 20 or more characters would be ideal. No one should be using passwords anymore. Nowadays, passphrases are necessary to avoid an easily compromised account.
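Here is an added example (not code from any particular site) of why a small maximum buys the server nothing: when a password is run through a salted key-derivation function before storage, the stored record is the same size whether the user typed 7 characters or 200. The function names, the 1024-character cap and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_LENGTH = 1024      # assumed generous cap, only to bound hashing work per request
ITERATIONS = 200_000   # illustrative PBKDF2 work factor (assumption)
SALT_BYTES = 16
KEY_BYTES = 32         # SHA-256 output size


def check_length(password: str) -> Optional[str]:
    """Return an error message, or None when the length is acceptable."""
    if len(password) > MAX_LENGTH:
        return f"Use at most {MAX_LENGTH} characters."
    return None


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Derive a fixed-size record (salt + key) from input of any length."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_BYTES
    )
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt = record[:SALT_BYTES]
    return hmac.compare_digest(hash_password(password, salt), record)


if __name__ == "__main__":
    # Constructed sample inputs: a short password, a passphrase, a very long one.
    for candidate in ("hunter2", "correct horse battery staple", "x" * 200):
        error = check_length(candidate)
        record = hash_password(candidate)
        print(f"{len(candidate):>3} chars -> error={error!r}, "
              f"stored record is {len(record)} bytes")
```
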
Use SSL to encrypt password transmission
And on a related note, every site that protects important information or accounts using a password should be using an SSL certificate and forced HTTPS. Submitting a password over HTTP transmits that information over the internet in plain text, allowing network sniffers to read the text being transmitted.
Get with it, websites. Please.