In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
All passwords longer than eight characters are silently truncated anyway.
Only by very badly designed systems. Most are not truncated but hashed. Those hashes are much longer than 8 characters.
Looks like somebody made a generality out of the Shamir Secret Sharing PayPal implem (read it thought)
good read. TLDR is that Sun Microsystems database software truncated passwords to 8 characters and the OP assumed that others must do that too. I surely hope not, TBH. I thought truncating to 8 characters had to do with computational or storage efficiency back when that mattered. I’m pretty sure most database fields if they’re modern use like a 256 character limit for passwords right?
Wasn’t it one of the first us govt encryption algorithms, operated on 8 byte blocks?
…
Uh? Why?
Only by batshit insane system wreckers. Normal systems don’t do this at all.