Please pick a password starting with ad and ending with min

There’s a special place in hell for those who set an upper limit in password lengths.

English letters? Really? So basically no a-z, only Æ, Þ, Ƿ, Ð?

You remind me of my bank about 17 years ago. Everyone had to have a 10-character password, exactly, and it had to include exactly 2 numbers and 1 symbol. I wasn't very knowledgeable about computers at the time and it already felt dumb.

underlines

I had one of those “fancy” Vodafone routers included with my broadband which had a stupid rule set on choosing the WiFi password. It’s my network, not yours, stupid router. It can be as insecure as I want.

Anyway the rules were enforced by the JavaScript so it was easy to bypass until I got my own router to replace it with.

Create a randomly generated password and store it in a password manager

Assuming we can use both lower- and uppercase letters (52 in total), with the ten digits and the underscore that gives us 63 characters to work with. A random 16-character combination of these gives us 95 bits of entropy (rounding down), which is secure enough by modern standards, at least for a home router.

Regardless, I understand the frustration of arbitrary limitations preventing you from choosing a secure password in a way that you're comfortable with.

Not allowing 20 character passwords is criminal, my bank does this.

Just do the Password Game to figure out a good one!

I hate that kind of stuff, when I see this I wonder if they hash the password at all

Lol. Imagine thinking TP Link takes security seriously.

TP-Link.... TP-Link...

I don't trust your bottom barrel software, TP-Link...

16 characters was the minimum length a password should be due to how easy it was to crack… something like a decade ago.

Now it’s something like 20 to 24 characters.

Seriously, if your company is defining maximum password length and demanding specific content, it is failing at the security game. Have the storage location accept a hashed UTF-8 string of at least 4096 bytes - or nvarchar(max) if it’s a database field - and do a bitwise complexity calculation on the raw password as your only “minimum value” requirement.

Look at how KeePass calculates password complexity, and replicate that for whatever interface you are using. Ensure that it is reasonable, such as 150-200bit complexity, and let users choose whatever they want to achieve that complexity.

admin wouldn't even work. It's too short.

Permanently Deleted

Permanently Deleted

Take a string as bytes is bad with weird non-ASCII characters. Been there, been bitten in the ass by it.

At least with e-mail clients different clients on different operating systems use different encoding by default for their passwords.

With a router I could imagine different client apps following different standards.

add1more_Dopamin

Adrenamin™

I HATE THIS SOO MUCH AHHHHH