Password lengths on websites
I register on a lot of websites. Using KeePass, it is no problem to store a different, randomly generated password for each site.
But…almost all websites I register on limit my password length. Some to as low as 6-8 characters, and many to 12-16. Often they do not explicitly state the minimum length, but the password text box is limited in length.
If you know anything at all about how passwords are kept securely, you will know:
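The length of the password has no impact on how much space it takes to store that password: a securely stored password is hashed, and the hash has a fixed size no matter how long the password is.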
So why do websites limit us to shorter passwords? I can think of only one reasonable explanation. Our passwords are not being stored securely.
Further aggravating the situation, many passwords are limited to letters and digits. This leaves even longer passwords open to attack. Again, the only reason to limit users' choices is that the passwords are not being stored securely.
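The storage claim is easy to check. The Python below is an added example, not code from the original post: it assumes a site stores passwords as a random 16-byte salt plus a PBKDF2-HMAC-SHA256 derived key at 600,000 iterations, and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_LEN = 16         # bytes of random salt stored with each record
KEY_LEN = 32          # bytes of derived key stored with each record

# Constructed sample passwords: short, long passphrase, symbols and non-ASCII.
SAMPLES = [
    "abc123",
    "a much longer passphrase that no 16-character text box would accept",
    "pä$$ wörd with spaces, symbols & ünicode ✓" * 5,
]


def hash_password(password: str, iterations: int = ITERATIONS) -> bytes:
    """Return the record to store: salt || derived key (always 48 bytes)."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )
    return salt + key


def verify_password(password: str, record: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )
    return hmac.compare_digest(key, expected)


def stored_sizes(passwords, iterations: int = ITERATIONS):
    """Return (password length in characters, stored record length in bytes)."""
    return [(len(p), len(hash_password(p, iterations))) for p in passwords]


if __name__ == "__main__":
    for pw_len, rec_len in stored_sizes(SAMPLES):
        print(f"password of {pw_len:3d} characters -> {rec_len} bytes stored")
```

Every record has the same size whatever the password's length or character set, so a fixed-width database column holds all of them.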
So what can we do about it? The single most important thing you can do is to use a different password for each website. Then, if one of your passwords is cracked, the rest of your online world is not compromised.
Since there is no easy way to remember all your passwords, you should use a password manager (such as KeePass) to store all your passwords.
One final note. Use an especially secure password to secure the rest of your passwords. The simplest way to do this is by using a short phrase. For example, your password could be:
This is Steve’s password. It is kinda long to type, but it is a strong one.