January 2017
It doesn't make sense to limit the password length to 16 chars because if you hash the password (which you should most definitely be doing) the length doesn't really matter, but because of the requirement of such a low max pass length you greatly reduce security with no added benefit. I would like to hear the reasoning for such a limit.
January 2017
At a minimum, there are 26+10 possible characters per position, of which there can be 16. My napkin math shows
36^16=7,958,661,109,946,400,884,391,936 possible passwords. Nearly eight septillion possible passwords should be enough, especially if you use https://www.random.org/passwords/ to generate strong passwords.
February 2017
@EA_Barry wrote:
At a minimum, there are 26+10 possible characters per position, of which there can be 16. My napkin math shows
36^16=7,958,661,109,946,400,884,391,936 possible passwords. Nearly eight septillion possible passwords should be enough, especially if you use https://www.random.org/passwords/ to generate strong passwords.
"especially if you use https://www.random.org/passwords/ to generate strong passwords."
Just give us a bigger character limit, a limit this low on passwords is unacceptable. All my other passwords are 25-30 characters long, why is this still a thing in 2017?
August 2017
So because it's good enough for EA's math it's good enough for the users? I keep getting my Origin password hacked because every time it's hacked I have to set the password to something less secure than any of my other accounts, thank god I have two-step verification or I'd be recovering my account every month. Not only does the limit force me to have a less secure password, it also makes it a lot easier to hack passwords because everyone knows it's somewhere between 8 and 16 characters. What reason is there to limit the passwords?
February 2019
This is a completely unacceptable answer. Five seconds of googling will tell you why. The limit on special characters and password length demonstrates that EA does not know how to design a secure password system with hashed passwords. This is taught in 100 level college classes on IT security, and it reveals the level of quality and care behind Origin's infosec. It's only a matter of time before there is a data breach which reveals the cleartext password of your users.