tells me my (12-character) password is too long, while a string of 100 A's is OK. FFF is a fine password, but 777 is too long. What gives? (Somewhat long but delightfully pattern-y description follows)
Let's say my chosen password is 99clobdatz47. This, it tells me, is too long. 99clob47, which is only eight characters, is also deemed too long. I then try just clobdatz, another eight-character password, but this time I'm told it's OK! In fact, clobdatz4799 is OK as well. Testing my hunch that it's those leading 9's causing the problem, I discovered some interesting patterns.
First off, passwords must be at least three characters. Two-character passwords are too short, and three-character passwords are OK, with the exception of passwords beginning with two numbers. For these, the following rules apply:
- Any three-digit permutation of the numbers 1-9 (0 is exempt) is too long. For example,
3: too short
33: too short
333: too long, and
4: too short
47: too short
479: too long, but
000: OK. (00 is still too short, but there's no commentary at all on a single 0) This has held up for every set of three numbers I've tried.
- Any two numbers followed by a letter will be "too long," UNLESS the first number is a 1, in which case it's OK regardless of the second number, e.g.
23b: too long
75x: too long
94d: too long, but
14m: OK. 111 is still too long.
- When you start messing around with zeros, things get extra screwy. For "number-number-letter" passwords, a 0 in the second place acts as any other digit would, making the final result "too long," unless the first digit is a 1 or 2. It makes no difference in "number-number-number" passwords.
30k: too long
90d: too long
100: too long
206: too long, and so forth. For numbers beginning with 0, a (non-zero) number in the second and third places will make it too long, unless the second number is 1, in which case the third can be any number, or if the second number is 2 followed by a zero. Any number can be in the second place if a letter is in the third. If the first two numbers are zeros, any number or letter can be in the third. A number followed by two zeros is still too long.
064: too long
053: too long
030: too long
025: too long
028: too long
900: too long
600: too long
- Finally, there doesn't seem to be any password that actually is
too long, provided it doesn't start with two digits. 100 A's in a row was fine, as was the letter B followed by several dozen 8's.
So my question to you is simply, "Why?" It seems unlikely that these patterns were intentionally implemented, so how could they have arisen? If no password is in actuality too long, why use that as a reason for limiting passwords at all? Why are 1 and 2 special? Why any of it?
I'm open to both informed answers from knowledgeable sources and wild mass guessing. Thanks, all.