[gatordan]

I don't have a blog and I don't know the proper convention for those "Show/Ask HN" posts so I suppose a comment here is the next best thing because my question is related.

After reading the "Yes, I was Hacked. Hard." post I updated several of my passwords and found that Netflix enforces a 10 character limit on their passwords. Does anyone have an idea why or how this could be the case? I would find it very ironic if they did this to save a few bits per user in their database considering they're a media streaming company.

[damian2000]

Very likely its just some sort of limit imposed by a security API or library call. Definitely not a way to save space. Its really idiotic - they should be extending it out to longer than that, but there are still some banks around that impose shorter limits than this (8 chars) so they are in good company.