Re: Password fields need to be bigger.
And the reason why all these things don't work is nothing to do with lazy coding, or gullible management suits. It's to do with testing.
The basic exchange goes something like this:
Tester: "What's the maximum length and character restrictions of a password field?"
Manager: "From 12 to 4,294,967,295 characters length, 256 valid characters to choose from."
Tester: "OK, that'll take about... four years to test. Assuming a team of six, with full-time engineering support."
Manager: "Four YEARS!?"
Tester: "Well, first we have to generate valid passwords of several different lengths. Then make subtle variations on each one - characters transposed, whole words transposed, upper/lower case, varying amounts and types of whitespace, and about three dozen other variations I haven't even thought of yet. Then we need to enter all of them in several different ways - typing, Swyping, pasting from clipboard, entry from imported file, interface from 'ShIT' portal. Then Sam, she's hot on this sort of thing, will try to generate hash collisions..."
Manager: "You've got two people, and three weeks to test the whole site from soup to nuts."
Tester: "OK, then we can test passwords with a range of 8-12 characters, letters and numerals only, case-sensitive. If you'll give us an extra day, we can even let it reject common dictionary words and phrases with one or two added characters and try the hash-collision thing."
Manager: "No extra day!"