xp84 4 hours ago

I'll believe this when pigs fly.

There's a 0% chance it will work. Most websites I've seen have one or all of:

* Force you to use email or SMS as a "second factor" to unlock changing password even if you know the old password

* A stupid idea of password complexity usually requiring one of a finite set of 5-8 "special characters" which is often only revealed after you've chosen a password that doesn't have them. Or in some cases even banning characters other than the ones they check for. There's a standard for this where you put a regex on the password field, which a good password manager will always use, but the kind of idiots who think limiting the entropy of passwords to increase security is the correct way to do things almost NEVER implement this.

* A maximum password length, even as short as 16 characters in many cases

* CAPTCHA etc.

Any effort spent on this would be better spent elsewhere, including even educating other companies on how passkeys should be used.

mimischi 2 hours ago | parent | next [-]

Some of your points are addressed by: https://github.com/apple/password-manager-resources

2 hours ago | parent | prev | next [-]

[deleted]

charcircuit 2 hours ago | parent | prev [-]

They may be limiting entropy to make it easier for users to remember their password. A user that can't log in is most likely one that will churn.

xp84 21 minutes ago | parent [-]

I don't think firms like the electric company or (payroll company) ADP are worried that I'll churn.

Also, the Venn diagram of "memorable" and "reasonably secure" really only intersects in the region of "Correct horse battery staple" phrases -- and the problematic sites I'm talking about nearly always limit length, which thwarts that type of password terribly. What is the purpose of maxlength on a password?? These shouldn't be stored in any form other than a hash, so unless long enough to pose a DoS threat during the hashing process, length is truly none of their business.