It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.
That’s not a “strong” password, random characters or not.
Is there a limitation that somehow prevents these sites from allowing more than 16 characters?
I’m talking government websites, not just forums. It seems crazy to me.
I get your point above, and the reason I hate short passwords is that I use passphrases. They are not only easier to type in, but long passphrases of 4+ words (plus a few extra characters and a number) are considerably more secure than the “best” 16-character password made up of random characters.
Per your problem above, is this why some sites send you a 2FA code before asking for your password? To avoid that potential DoS attack?
Yes, in your specific scenario, you are right. But if you even the playing field, apples to apples: if you have 4 words of 4 letters each plus a random char at the end, let's say equating to 20 characters in total, a random 20-character password is better. Words/phrases are now commonly added to brute-force attacks, unlike before. Use a good password plus a 2FA that isn't SMS or email for best protection, or dump passwords if you can for hardware keys.
˙˙˙ɐuuoפ ɹǝʌǝN