Passwords are a terrible form of authentication anyway -- if it's something that actually matters, use some form of 2-factor auth.
Requiring a long password on a site where the impact of a breach is minimal is not a good policy, you're just going to get people who can't ever login.
Requiring a long password on a site where the impact of a breach is minimal is not a good policy, you're just going to get people who can't ever login.