Home / Contact

Silly Password Rules. Why Limit Length?

Every once in a while I come across a website worthy of registering to. Recently, mint.com has been that website. The web application seemed very sturdy, useful, and Web 2.0 at first glance, even in the beta version. At least that was my belief before discovering the first, but only, bug that I could find. The bug was a problem concerning password length and the limitations the site imposes on the user's choice to use a long password. Currently, the site imposes a 16-character password limit. This limit is a little ridiculous by itself but is made even worse by the fact that the password input field on the main page allows you to enter as many characters as you wish. Imagine registering with a password larger than 16 characters but the input field is limited to only 16 characters. In this case, you can type all day but only the 16 first characters will be used as your password. This does not upset me in most cases because it usually does not cause any major problems but there are a handful of times that it has become an issue. When registering, I rarely even realize that the system is not allowing me to use the entirety of my password, I just continue typing and it cuts me off when it's ready. This works out just fine as long as all the other login password fields react the same way. Unfortunately I've discovered some cases where they allow you to type more than 16 characters into the field instead of limiting it. What ends up happening is that I enter my full password as usual and the system realizes that it does not match and therefore will not authenticate me. I then have to request my password be changed and emailed to myself. Then I change my password back and the same thing occurs the next time I need to log in. I'm not sure what frustrates me more, the fact that it's happening, in general, or the fact that it's such a simple fix and easily avoidable. The hassle dealing with password management is irritating enough but adding the additional lack of security, due to the limited password size, on top of that makes things even worse -- especially when it is a financial institution you are dealing with.

Copyright 2007. Don't steal my crap, please. My CSS is invalid. My HTML is invalid. If this bothers you, rewrite it. I made my own banner by tracing a picture I found on Google Images. If you are the guy I traced -- I'm sorry. I don't plan on making any money with this site so you're probably not missing out anyway.