Looks like Less Wrong limits password lengths to 20 characters, which makes it hard to use "correct horse battery staple"-style password schemes.
It also raises worrying considerations about how passwords are stored in the database. Passwords should never be stored in plain text, nor with reversible encryption. Instead, each account should store a password verifier value (and a salt, unique to the user).
A password verifier is the result of running a password, its salt, and possibly another input that isn't kept in the DB all through a function that produces some deterministic value that is nigh-impossible to brute force. A property of password verifiers is that they produce output of a constant leng...
If it's worth saying, but not worth its own post (even in Discussion), then it goes here.
Notes for future OT posters:
1. Please add the 'open_thread' tag.
2. Check if there is an active Open Thread before posting a new one. (Immediately before; refresh the list-of-threads page before posting.)
3. Open Threads should be posted in Discussion, and not Main.
4. Open Threads should start on Monday, and end on Sunday.