Limiting password length sucks…

…but inconsistency sucks even more. Check out the American Express login form:

I'd like to use my usual password.

I'd like to use my usual password.

When you sign up for web access, password length is limited to 7 characters, which is a quite bad design decision in itself. What if I have a scheme to generate 10-character long passwords? Why on Earth can’t I use it?!

But this particular system sucks even more: in the log in form, the password length is not limited. Once I forget that this particular web site does not accept passwords of my usual length, I won’t be able to log in anymore: I’ll keep trying my regular password technique again and again, and it will fail over and over. If you limit the password length you should at least do it consistently, so if I enter a longer password when registering and have some characters thrown away, it would be nice for the log in form to do the same. This way your strange idea of limiting the password length would at least be transparent to me.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: