AOL’s Password Puzzler

From Security Fix

It turns out that when someone signs up for an account, the user appears to be allowed to enter up to a 16-character password. AOL’s system, however, doesn’t read past the first eight characters.


“Truncating the password at eight characters is a big deal, and there’s no excuse for any company in today’s world to be doing that,” Schneier said. “Especially because AOL has…shall we say, some less sophisticated users.”

One of the commenters on the article asked if there was anything that AOL couldn’t do wrong. Well said.
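Silent truncation of the kind described above can be caught with a self-test run against your own password-handling code. The sketch below is an added example, not code from AOL or from the Security Fix article; `TruncatingStore`, `FullLengthStore` and `significant_length` are hypothetical names, and the truncating store is a constructed model of the reported behaviour (16 characters accepted, 8 read).

```python
import hashlib
import hmac
import os


class TruncatingStore:
    """Constructed model of the flaw: accepts 16 characters, hashes only the first 8."""
    SIGNIFICANT = 8

    def __init__(self):
        self.salt, self.digest = os.urandom(16), b""

    def _hash(self, password):
        used = password[:self.SIGNIFICANT].encode()  # silent truncation happens here
        return hashlib.pbkdf2_hmac("sha256", used, self.salt, 10_000)

    def set_password(self, password):
        self.digest = self._hash(password)

    def check_password(self, password):
        return hmac.compare_digest(self.digest, self._hash(password))


class FullLengthStore(TruncatingStore):
    """Same store, but the whole password reaches the KDF."""
    SIGNIFICANT = None  # slicing with [:None] keeps every character


def significant_length(store, max_len=16):
    """Return how many leading characters of a max_len password the store checks."""
    base = ("Aa1!" * max_len)[:max_len]  # constructed test password, contains no '#'
    store.set_password(base)
    if not store.check_password(base):
        raise RuntimeError("store rejects the password it was just given")
    # Alter one character at a time, starting from the end. The first altered
    # password that is rejected marks the last position the store reads.
    for pos in range(max_len - 1, -1, -1):
        probe = base[:pos] + "#" + base[pos + 1:]
        if not store.check_password(probe):
            return pos + 1
    return 0


if __name__ == "__main__":
    for store in (TruncatingStore(), FullLengthStore()):
        n = significant_length(store)
        verdict = "OK" if n == 16 else "TRUNCATES"
        print(f"{type(store).__name__}: {n} of 16 characters checked -> {verdict}")
```

Run as a regression test, a result below the advertised maximum length means users are being told their password is longer than the one actually protecting the account.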

