Certainly, I agree, but half the web is still that way. Many banking sites even.

cheald · on Aug 4, 2012

I think it's a bit hyperbolic to call it half the web. Only a small handful of sites cap password lengths. They might happen to be sites you use, but it's not nearly as common a practice as you seem to think.

natrius · on Aug 4, 2012

I don't think you're correct. Anyone who's storing a password in plaintext is probably going to use a fixed-width field to do so. I'd bet half the internet stores plaintext passwords. A lot of the web is one-off e-commerce systems that no one should trust anything with.

darkarmani · on Aug 5, 2012

My bank caps at 12 chars -- silently. I couldn't login until i only typed the first 12 chars.

DanBC · on Aug 4, 2012

Are they actually using all that password length, or are they just allowing people to enter long passwords and truncating them?

carey · on Aug 4, 2012

I've used a system at work that truncates passwords when setting them, but not when checking them. It doesn't fill me with confidence.