Minimum should be 8 and max is (I think) 32.

Use letters with codes like these £ ↔∟ • @

Use letters with codes like these £ ↔∟ • @

Not necessary:
https://xkcd.com/936/

Minimun is 8, you'll want at least 25-32. Best passwords are ones, like fka0355Nlgmdv3NGd06Kr totally random that means nothing to you as most people write passwords about themselves in some way to remember them and best to use a .doc to save password if you can lock it somewhere.

Originally posted by Cathulhu:

Not necessary:
https://xkcd.com/936/

coorecthorsebatterystaple -> 44 bits of entropy, but actually not THAT hard to guess with a dictionnary attack at billions of guesses per second (which is not that uncommon)

=/25ny%N-iHZP0jG9&5"~>CaH._99z@3syn6uyopp<[RcP{5ZUx4n7imp`Hbz:?t8@gU"rXa+#X@NI]Cw'(LXTE7zpjHO{Z633!@hw7-f6sz~3Pn?v;){It?D~U&xauu -> 786 bits of entropy; Difficulty to remember: your password manager does it for you; no dictionnary nor bruteforce attack possible

Originally posted by Cathulhu:

Not necessary:
https://xkcd.com/936/

Originally posted by B l u e b e r r y P o p t a r t:

Minimun is 8, you'll want at least 25-32. Best passwords are ones, like fka0355Nlgmdv3NGd06Kr totally random that means nothing to you as most people write passwords about themselves in some way to remember them and best to use a .doc to save password if you can lock it somewhere.

I did not ask for advice on how to generate a strong password, please read the message more carefully next time.

Well I gave that to you in the first line of my comment so I guess you should read before commenting too I guess (Steams support account page dosen't give a complete answer to your question), but I added a little more to be nice.

Originally posted by B l u e b e r r y P o p t a r t:

Well I gave that to you in the first line of my comment so I guess you should read before commenting too I guess (Steams support account page dosen't give a complete answer to your question), but I added a little more to be nice.

You only gave the minimum number of characters, which as written in my original comment I already knew.

Originally posted by Barahir:

Originally posted by Cathulhu:

Not necessary:
https://xkcd.com/936/

coorecthorsebatterystaple -> 44 bits of entropy, but actually not THAT hard to guess with a dictionnary attack at billions of guesses per second (which is not that uncommon)

You can't do a dictionary attack on a steam account. You'll be locked out after a number of incorrect tries. If they actually get the database, Valve will warn you to change your password. Using words in such a manner is fine.

Originally posted by Barahir:

your password manager does it for you;

Multiple password managers have been in the news recently due to weakness or outright being compromised.

Also, it's only a steam account. Worst case, you're locked out of a few games for a couple of days. Don't go overboard on the security.

Originally posted by Washell:

Originally posted by Barahir:

coorecthorsebatterystaple -> 44 bits of entropy, but actually not THAT hard to guess with a dictionnary attack at billions of guesses per second (which is not that uncommon)

You can't do a dictionary attack on a steam account. You'll be locked out after a number of incorrect tries. If they actually get the database, Valve will warn you to change your password. Using words in such a manner is fine.

Originally posted by Barahir:

your password manager does it for you;

Multiple password managers have been in the news recently due to weakness or outright being compromised.

Also, it's only a steam account. Worst case, you're locked out of a few games for a couple of days. Don't go overboard on the security.

I don't want this discussion to become a debate on password security, please just stay on topic (I acknowledge I should have ignored the other messages if that's what I wanted, I hope you will understand).

i think that a password like that is a bit overkill, since we have the steam app, but everyone is free with his choices, and sadly no one here can answer you,if you want a definitive answer your only option is the suport of steam.

Originally posted by Barahir:

Originally posted by Cathulhu:

Not necessary:
https://xkcd.com/936/

coorecthorsebatterystaple -> 44 bits of entropy, but actually not THAT hard to guess with a dictionnary attack at billions of guesses per second (which is not that uncommon)

=/25ny%N-iHZP0jG9&5"~>CaH._99z@3syn6uyopp<[RcP{5ZUx4n7imp`Hbz:?t8@gU"rXa+#X@NI]Cw'(LXTE7zpjHO{Z633!@hw7-f6sz~3Pn?v;){It?D~U&xauu -> 786 bits of entropy; Difficulty to remember: your password manager does it for you; no dictionnary nor bruteforce attack possible

You do realize, No passwords are broken by bruteforce these days right. Never mind that most sites will flagg you on too many retry attempts and if they get a lot of consecutive failed retries from multiple sources they will basically put a lock on whatever account is there.

Your lovely string there is not something most humans will ever rememeber so you'd likely need to keep it written down somewhere, and anyone who comes across a load of gibberish like that will likely assume it is in fact some password.

Ikeeping you password secure these days is less about complexity and more just not letting others know it.

If you are sure you need a 128 digit password for steam,
you surely can answer why a 10 digit password on steam wasnt safe?

Keep your impression aside. Just tell us the fact why a 10 digit password on steam wasnt safe.

Originally posted by Barahir:

I'd like to have a password as strong as possible, but unfortunately when I try for instance to change my password to a 128 character long one, Steam tells me it is invalid without further information (all I know is that it has to be at least 8 characters long).
Does anyone know the specific password requirements, that is the characters avalaible and the min- and maximum length?
I cannot ask the Steam support directly because it seems I am not clever enough to find where to ask a question and not be redirected on one of their help pages.
Thank you.

I just went through the same process. The password reset page states at least 6 characters (not 8) minimum with mixture of upper and lower case letters and at least one number. They do not mention the maximum length. I used a 16 character password with a random combination of uppers, lowers and numbers and it was refused. I deleted the last 4 characters, (now down to 12) and it accepted it. So I think the maximum is somewhere between 12 and 15.