Show the MAX length Requirement Too!

July 12, 2009 at 2:08 AMBen

When creating an account online and you need to enter your desired username and password, it's common for there to be a note regarding the minimum number of characters required for a username/password.  But the maximum character limit is often omitted in this note.  Particularly for passwords, when allowed, I try to make 36 character passwords.  My passwords are just random characters of letters, numbers and special characters.  Every time I spend 30 seconds creating one of these passwords, I always tell myself I need to get one of those random password generators -- but end up never getting one!

Back to my point -- all sites should be making use of the "maxlength" attribute on a text input element.  Not just for usernames/passwords, but for every piece of data that is accepted through a text input.  At the very very least, indicating the maximum length in a note next to the input field would be appreciated.

On numerous sites I've registered at (including large sites), there is no note, and there is no maxlength on the input field.  I spend my 30 seconds typing in a 36 character password to find out when I click the Submit button that the password is too long.  In a couple of cases, the site doesn't even tell you the password is too long.  They just report "Invalid Password".  I'll try shortening it in chunks until they take it.

This may just be a small user experience point, but adding a maxlength attribute takes no time at all and provides immediate knowledge you've reached the max character limit.

Comments (3) -


Nice thought on the MAXLENGTH attribute, it is generally a good usability feature.

Just thought I'd ask, is there any reason you've chosen a 36 character password? Generally speaking, much more than 14 characters is a bit of a wasted effort (NTLM Passwords are broken into chunks of 7 chars, and more than 2 blocks can actually go some way to assisting in breaking the password). I'm also presuming you use something like KeePass to store those passwords?? Otherwise you've got an awesome memory Tong

Just curious... Smile

No particular reason I'm using 36 character passwords ... just a number I've seemed to settle on.  On rare occassion, I stray from this length Smile

All my passwords are in a text file.  Probably not as secure as KeePass or some of the other password mgmt programs.  The text file has worked well for me over the years ... I also keep other pieces of data in the text file grouped together -- like invoice numbers, account numbers, phone numbers, etc.

I think Internet norms have grown us all accustomed to 8 character passwords and I can't imagine too many non-geeks straying too far from what's required. My longest is a little over 20 characters, but the rest are shorter by far. I use KeePass and love it. I also store other important info in it as well.

- B

Comments are closed