A lot of sites don't allow more than 12 chars. Of the top of my head, Nintendo's rewards scheme has a limit on the number of characters, it lets you use more but actually truncates the password to 12 or so. Some sites truncate it on the sly then say "incorrect username or password!" when you enter your stored 16+ character password.
Other sites silently break if you use characters outside A-Za-z0-9. e.g. you set a password with } or @ in it, then can't log back in again.
Ebay wouldn't let me paste a password into the password field recently, I had to type it out, and the keepassx "autotype" feature was thwarted by their focus-altering javascript code on the form. I also think they silently dropped special characters - I know it took me 4 or 5 password reset emails to get the new stored pw to stick.
Paypal requires that you enter a credit card number to change the password, so rotating it is tricky if you don't have the card on hand. I'm undecided if this is good or bad, since this sort of 2 factor makes it harder for someone to hijack your account.
There are a lot of ways that sites try and make life hard if you are doing things the right way and using a pw manager. It feels like there's this big conspiracy driving us to use the same "Monkey123" password everywhere.
I use a password generator. My defaults are _long_. But the nice thing is that I can pass it most constraint rules reasonably readily to create a valid password if I need to fit another use-case.
I don't use Ebay, but that sounds particularly annoying. Conversation on G+ suggests that the copy/paste defeat is to combat copy/paste exploits elsewhere, though by that point you might as well declare game over anyhow.
I'm definitely _not_ using "Monkey123" everywhere. But a lot of sites get a perfectly cromulent password ... and a mailinator.com email address (also randomly generated). I never use the same tokens twice (mostly registration-required but no real utility / long-term state storage).
Other sites silently break if you use characters outside A-Za-z0-9. e.g. you set a password with } or @ in it, then can't log back in again.
Ebay wouldn't let me paste a password into the password field recently, I had to type it out, and the keepassx "autotype" feature was thwarted by their focus-altering javascript code on the form. I also think they silently dropped special characters - I know it took me 4 or 5 password reset emails to get the new stored pw to stick.
Paypal requires that you enter a credit card number to change the password, so rotating it is tricky if you don't have the card on hand. I'm undecided if this is good or bad, since this sort of 2 factor makes it harder for someone to hijack your account.
There are a lot of ways that sites try and make life hard if you are doing things the right way and using a pw manager. It feels like there's this big conspiracy driving us to use the same "Monkey123" password everywhere.