Why do so many companies and people say that your password has to be so long and complicated, just to have restrictions?

I am in the process of changing some passwords (I have peen pwnd and it’s the password I use for use-less-er sites) and suddenly they say “password may contain a maximum of 15 characters“… I mean, 15 is long but it’s nothing for a password manager.

And then there’s the problem with special characters like äàáâæãåā ñ ī o ė ß ÿ ç just to name a few, or some even won’t let you type a [space] in them. Why is that? Is it bad programming? Or just a symptom of copy-pasta?

    • uniqueid198x@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I don’t really know the strong points of either, I’m not a cryptographer. Bcrypt gets recommended because its relatively fast, its decent, and most importantly its already in most environments

      • frezik@midwest.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Bcrypt is slow on purpose; all these methods are. More importantly, though, bcrypt is very well studied. Scrypt and argon2 had to catch up, but should be fine at this point.

    • dog@suppo.fi
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Argon2 is the best (secure) crypto currently.

      That said, adoption is slow, Bitwarden only recently implemented it for example.

      That said, due to Argon2 being security-oriented, the recommended settings for it are pretty heavy.