If we needed another reason to persuade friends and family not to use AOL, here is is. Apparently, while the sign-up page suggests account passwords can be up to sixteen characters (and security experts, like porn stars, would tell you that more is better), AOL actually only use the first eight characters.
As the Washington Post's Brian Krebs explains:
"Let's take a fictional AOL user named Bob Jones, who signs up with AOL using the user name BobJones. Bob -- thinking himself very clever -- sets his password to be BobJones$4e?0. Now, if Bob's co-worker Alice or arch nemesis Charlie tries to guess his password, probably the first password he or she will try is Bob's user name, since people are lazy and often use their user name as their password"
There's some discussion about this being a possible hangover from a 60s enterprise version of Unix, but AOL themselves will say nothing more than that they're "looking into it".