by TheGoddessInari 1561 days ago
I keep wishing everywhere would allow a length of 256, and the extended ASCII set. I know it's overkill, but it makes no practical sense to restrict passwords to a particularly low length, let alone the trend of excluding all but a few special characters.

You'd think this is truly the one thing the industry could agree on, but instead you have sites that restrict you to 12 characters, alphanumeric only.

1 comments

The reason given is usually Denial of Service. The longer passwords create more CPU work on the server multiplied by the number of users logging in or registering accounts. I do not care for that argument. I would much prefer working around potential DDoS with proper code segmentation and capacity planning. If it's really an issue then an auth micro-service that predictively spins up instances or something like that.
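
An added example, not written by either commenter: the policy the first comment asks for (up to 256 characters, extended ASCII), with the length check placed ahead of the hash so that the per-request work the reply mentions stays bounded. It assumes "extended ASCII" means ISO 8859-1 (Latin-1), rejects control characters, and uses PBKDF2-HMAC-SHA256 with an illustrative iteration count; all function and constant names are hypothetical.

```python
import hashlib
import hmac
import os

MAX_LEN = 256          # the length asked for in the first comment
ITERATIONS = 100_000   # assumed PBKDF2 work factor, for illustration only


class PasswordRejected(ValueError):
    """Raised before any hashing is done, so a rejection costs almost nothing."""


def encode_password(password: str) -> bytes:
    # Cheap checks first: an over-length input never reaches the KDF.
    if not password:
        raise PasswordRejected("empty password")
    if len(password) > MAX_LEN:
        raise PasswordRejected("longer than %d characters" % MAX_LEN)
    try:
        # Assumption: "extended ASCII" = Latin-1, one byte per character.
        raw = password.encode("latin-1")
    except UnicodeEncodeError:
        raise PasswordRejected("character outside extended ASCII") from None
    # Assumption: control characters (C0, DEL, C1) are not allowed.
    if any(b < 0x20 or 0x7F <= b <= 0x9F for b in raw):
        raise PasswordRejected("control character in password")
    return raw


def hash_password(password: str, salt: bytes = None):
    raw = encode_password(password)
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    try:
        _, digest = hash_password(password, salt)
    except PasswordRejected:
        return False  # rejected without running the KDF
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    salt, digest = hash_password("Tr\u00e8s-long p\u00e4ssw\u00f6rd \u00a7\u00b1!")  # constructed sample
    print(verify_password("Tr\u00e8s-long p\u00e4ssw\u00f6rd \u00a7\u00b1!", salt, digest))
```
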