Why do we insist on low (for a computer) upper bounds on password length? 6-20 characters? Why 20? Why not 200? Why not 2000? I sure hope we aren’t citing storage concerns, because I’d have to berate someone for storing something other than a hash, and the 20 and 2000 character passwords would have the same length hash. Is there some real reason?

Oh and of course the underlying issue of accepting that passwords are in any way an acceptable means of authentication in 2023. Sigh. Do a little experiment and count how often you type a password for work every day. Every time you type it is an opportunity for someone to watch. Think of how much we are watched in today's world. Sigh.
