This happened to me the other day:
“ERROR: Password must be 8-12 characters long.”
Oh, shoot me now. Better yet, shoot the developer who wrote that line of code. Who in their right mind puts an upper limit on the number of allowable characters? I understand the sites that push you into making a weak password more secure by adding letters, capitalization and special characters. I can work with that. I have a stable of passwords I use in these situations—throwaway passwords that meet various standards (must have a capital letter, must be a combination of letters and numbers, etc). And of course, I practice good password hygiene and have super-strong and unique passwords for important stuff like banking and email.
But putting an upper limit on the number of characters in a password? That’s absurd. In the end, I had to make up a new one, because all my regulars are too long.
Needless to say, now I can’t remember what it was.