How is it 2021 and password parameters are completely site-dependent? Character limits, no special characters/special characters required/only certain special characters, etc. I feel like the various rules makes it more likely people will use bad habits like writing passwords down, or making less complex passwords more likely?
Edit: Upon further discussion in the replies, with many good points being made, I realized my real question should have been: why do some sites set password parameter limitations? I should be able to input a 25-character complex passphrase with letters, numbers, special characters if i want whether it’s for my Netflix account or Bank account. What I don’t understand is my bank being like, “Nah, you can only use 12 characters, and you can’t use @“. That’s my frustration, and was more my questions because I figured there was a technical reason behind it likely.
In: Technology
How would this be implemented? There is no central service for managing passwords so every implementation is up to the service that is using the password.
What if one database doesn’t support a specific character but other databases do, do you just not support that database and *force* a service to switch databases or die (because they can’t have passwords if they don’t use this password requirement service), or do you let them determine their own requirements?
There are many forms of guidance on what password requirements *should* be, but you can’t enforce it if there is no central entity to do so.
Besides, if a US company starts up and somehow gets authorization to *require* US-based websites to use them for password guidance, that doesn’t mean other countries have to respect it.
Latest Answers