It’s bad enough when I’m forced to use a really long password. It’s not like my standard, strong password isn’t long enough for most (10 characters) or strong enough for most (not a word, combination of letters and numbers). And I use Roboform for those rare cases when they ask for specific requirements which I will not remember no matter what. Sometimes I still have to enter a longer one. But what if I choose to enter a long password … and they ignore part of it?
Enter AOL’s latest gaffe. It appears that even though they allow you to enter a password with 16 characters … they only recognize the first 8.
It turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL’s system, however, doesn’t read past the first eight characters.

AOL spokesman Andrew Weinstein said the company was looking into the matter, but didn’t have any comment beyond that.
Bruce Schneier, chief technology officer of BT Counterpane, called the set-up “sloppy and stupid.” Source: Washington Post
Nice example given in the Washington Post article of how this could be really bad (basically, use something easy that takes up the first 8 characters and add the strong stuff after that … symbols and numbers mixed in). At any rate … 8 as a limit went out with the 8-character filename limit on DOS. This is pretty bad stuff (though expect it to be fixed soon, since this has now been publicized).
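If you run a login system yourself, the thing to take away from this is a test: register an account with a long password, then try to log in with only its first few characters. Below is an added example (mine, not from the post and not AOL’s code) that models both a back end that silently keeps only the first 8 characters and one that hashes the whole password, then probes each to find where, if anywhere, it truncates. `PasswordStore`, its `limit` parameter, the probe user and the 16-character sample password are all constructed for the demo; the hashing uses Python’s standard-library PBKDF2 with a deliberately low iteration count to keep it quick.

```python
import hashlib
import hmac
import math
import os
import secrets
import string

# Low iteration count keeps the demo fast; a real deployment needs far more.
ITERATIONS = 10_000


def _kdf(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of whatever the store decided to keep."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordStore:
    """Constructed model of a password back end. `limit=None` hashes the full
    password; `limit=8` models the reported AOL behaviour, where everything
    past the eighth character is silently discarded before hashing."""

    def __init__(self, limit=None):
        self.limit = limit
        self._users = {}

    def _effective(self, password: str) -> str:
        # The silent truncation: characters beyond `limit` never reach the KDF.
        return password if self.limit is None else password[: self.limit]

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _kdf(self._effective(password), salt))

    def verify(self, username: str, password: str) -> bool:
        salt, stored = self._users[username]
        candidate = _kdf(self._effective(password), salt)
        # Constant-time comparison so the check itself leaks nothing.
        return hmac.compare_digest(candidate, stored)


def find_truncation_limit(store: PasswordStore, max_len: int = 32):
    """Register a random max_len-character password, then try every shorter
    prefix as the login password. The shortest prefix that is accepted is the
    truncation limit; None means no prefix was accepted (no truncation up to
    max_len). Letters and digits only, so trailing-whitespace stripping cannot
    produce a false positive."""
    alphabet = string.ascii_letters + string.digits
    secret = "".join(secrets.choice(alphabet) for _ in range(max_len))
    store.register("probe-user", secret)
    for n in range(1, max_len):
        if store.verify("probe-user", secret[:n]):
            return n
    return None


def effective_bits(length: int, alphabet_size: int = 62, limit=None) -> float:
    """Search space, in bits, of a random password of `length` characters drawn
    from `alphabet_size` symbols when the back end keeps only `limit` of them."""
    kept = length if limit is None else min(length, limit)
    return kept * math.log2(alphabet_size)


if __name__ == "__main__":
    sample = "Tr7qLm2xZp9vKw4s"  # constructed 16-character password
    for limit in (8, None):
        store = PasswordStore(limit=limit)
        store.register("alice", sample)
        print(f"limit={limit}: first 8 chars accepted? {store.verify('alice', sample[:8])}")
        print(f"limit={limit}: probe found truncation at {find_truncation_limit(PasswordStore(limit=limit))}")
    print(f"16 random chars, full length: {effective_bits(16):.1f} bits")
    print(f"16 random chars, truncated to 8: {effective_bits(16, limit=8):.1f} bits")
```

Run it and the truncating store accepts the 8-character prefix and the probe reports 8, while the full-length store rejects the prefix and the probe reports nothing. The last two lines put a number on the "really bad" part: a 16-character alphanumeric password is about 95 bits of search space, and silently keeping 8 of them cuts that to about 48, roughly what the user would have had by typing only half their password in the first place. The same probe, pointed at your own registration and login endpoints, is a cheap regression test to keep a limit like this from creeping in through an old hashing library or a fixed-width database column.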