Hidden constraint on password length when creating account
When creating a new account, the sign up form shows the following constraints on passwords:
- Use 8 or more characters
- Use upper and lower case letters (e.g. Aa)
- Use a number (e.g. 1234)
- Use a symbol (e.g. !@#$)
However, there's actually a fifth constraint, which is initially hidden from the user:
- Password length cannot exceed 32 characters
This constraint is only displayed to the user if they enter a password that's longer than 32 characters (see attached screenshots).
Whether it's wise to limit passwords to such an arbitrarily short length aside, I can't think of a reason why hiding this information from the user improves UX 🤷
I suggest making this constraint visible by default.