Re: Why limit max password to 16

by aoeuidh

Original Post

Why limit max password to 16

★★ Novice

It doesn't make sense to limit the password length to 16 chars, because if you hash the password (which you should most definitely be doing) the length doesn't really matter; but because of the requirement of such a low max pass length, you greatly reduce security with no added benefit. I would like to hear the reasoning for such a limit.

Message 1 of 5 (1,290 Views)

Re: Why limit max password to 16

Community Manager

@0x76

At a minimum, there are 26+10 possible characters per position, of which there can be 16. My napkin math shows 36^16=7,958,661,109,946,400,884,391,936 possible passwords. Nearly eight septillion possible passwords should be enough, especially if you use https://www.random.org/passwords/ to generate strong passwords.

Message 2 of 5 (1,266 Views)
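
The two posts above, put side by side as an added example that is not part of the thread or of EA's code: a salted, stretched hash takes the same storage for any password length, while the size of the search space grows with every extra character allowed. PBKDF2-HMAC-SHA256, the iteration count, the 1024-character cap and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
from typing import Optional, Tuple

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
DIGEST_LEN = 32        # stored digest size in bytes, whatever the input length
MAX_LEN = 1024         # assumed generous cap, only to bound hashing cost


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); the digest is always DIGEST_LEN bytes."""
    if len(password) > MAX_LEN:
        raise ValueError("password longer than MAX_LEN")
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def search_space_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of strings of exactly `length` symbols."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample passwords of 8, 16, 30 and 203 characters.
    for pw in ("a1b2c3d4", "a1b2c3d4e5f6g7h8", "x" * 30,
               "correct horse battery staple " * 7):
        salt, digest = hash_password(pw)
        print(f"{len(pw):>3} chars -> {len(digest)} byte digest")
    # 36 symbols (26 letters + 10 digits), as in the napkin math above.
    for n in (16, 30):
        print(f"36^{n} is about 2^{search_space_bits(36, n):.1f}")
```
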

Re: Why limit max password to 16

★★★★★ Newbie

@EA_Barry wrote:

@0x76

At a minimum, there are 26+10 possible characters per position, of which there can be 16. My napkin math shows 36^16=7,958,661,109,946,400,884,391,936 possible passwords. Nearly eight septillion possible passwords should be enough, especially if you use https://www.random.org/passwords/ to generate strong passwords.

"especially if you use https://www.random.org/passwords/ to generate strong passwords."

xkcd: Password Strength

Just give us a bigger character limit; a limit this low on passwords is unacceptable. All my other passwords are 25-30 characters long. Why is this still a thing in 2017?

Message 3 of 5 (1,248 Views)

Re: Why limit max password to 16

★ Novice

So because it's good enough for EA's math it's good enough for the users? I keep getting my Origin password hacked because every time it's hacked I have to set the password to something less secure than any of my other accounts. Thank god I have two-step verification, or I'd be recovering my account every month. Not only does the limit force me to have a less secure password, it also makes it a lot easier to hack passwords because everyone knows it's somewhere between 8 and 16 characters. What reason is there to limit the passwords?

Message 4 of 5 (1,185 Views)

Re: Why limit max password to 16

★★★ Newbie

This is a completely unacceptable answer. Five seconds of googling will tell you why. The limit on special characters and password length demonstrates that EA does not know how to design a secure password system with hashed passwords. This is taught in 100-level college classes on IT security, and it reveals the level of quality and care behind Origin's infosec. It's only a matter of time before there is a data breach which reveals the cleartext passwords of your users.

Message 5 of 5 (840 Views)