
I completely agree, but too many websites put upper limits on the password length (which is completely idiotic) to be able to do this in practice.


I agree. It is frustrating when websites place arbitrary limits on characters in a passphrase. It's even more frustrating when they add specific rules (e.g. must use at least one number) that actually lower the number of possible combos in the string.


The worst annoyance for me is when they accept my 32+ character password - which I generate and paste from a password manager - and then they silently truncate it to a shorter length! No error, nothing. I remember hearing about some services that did this but the longer passwords still worked, which gave users a false sense of security.

What I run into more frequently is that I have to click the 'Forgot password' link and reset it. Then I cross my fingers and wait to see if they email it back in plain text (this is unforgivable) so I can count the characters and learn what the max length is that way.


Well, how would they fit the passwords in the database if there was no limit? =)


Please tell me this is sarcasm [0]. I assume from the emoticon that it is.

[0] http://en.wikipedia.org/wiki/Poe's_law


Just truncate to the first 10 characters of course.
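The storage and truncation points raised in this thread, shown as an added example that is not part of any comment: a salted hash has the same size whatever the password length, and silent truncation makes an altered password log in. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor, chosen for this example
SITE_LIMIT = 10        # the "first 10 characters" limit from the thread


def hash_password(password, salt, max_len=None):
    """Salted PBKDF2-HMAC-SHA256 digest of the password.

    max_len models a site that silently truncates before hashing.
    """
    if max_len is not None:
        password = password[:max_len]
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def verify(candidate, salt, stored, max_len=None):
    """Constant-time comparison of a login attempt against the stored digest."""
    return hmac.compare_digest(hash_password(candidate, salt, max_len), stored)


def stored_sizes(passwords):
    """Digest lengths in bytes: what the database column actually has to hold."""
    salt = os.urandom(16)
    return {len(hash_password(p, salt)) for p in passwords}


def truncation_detected(password, max_len=None):
    """Register a password, then log in with its last character changed.

    A correct site rejects the altered password; a truncating one accepts it.
    """
    salt = os.urandom(16)
    stored = hash_password(password, salt, max_len)
    altered = password[:-1] + ("x" if password[-1] != "x" else "y")
    return verify(altered, salt, stored, max_len)


# Constructed sample passwords of 8, 32 and 4096 characters.
SAMPLES = ["hunter2!", "correct horse battery staple 42!", "a" * 4096]

if __name__ == "__main__":
    print("digest sizes:", stored_sizes(SAMPLES))
    print("truncating site accepts altered password:",
          truncation_detected(SAMPLES[1], SITE_LIMIT))
    print("non-truncating site accepts altered password:",
          truncation_detected(SAMPLES[1]))
```

The same `truncation_detected` check works as a regression test in a site's own test suite: register with a long password, then assert that a login with the final character changed is rejected.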



