I recently changed my SHELL / FTP passwords at DreamHost because of the little Blogger security breach. (I don’t use Blogger any longer, but I thought I’d be on the safe side.) Customer Support sent me the following message:
After looking further into your account it was discovered that you only changed one character between your old and new password (and that being the 10th character in your password). However UNIX password encryption only cares about the first eight characters. Thats why you should probably limit your password to 8 characters because anything after the 8th character doesn’t matter.
“A UNIX password can be up to eight characters, any extra characters will be discarded, making the passwords ‘Still won’t talk, eh, Spiff?’ and ‘Still wo’ mutually interchangable.”