The vast majority of security leaks are from people writing their passwords down
Yeah, and when you limit passwords to 8 characters, people feel compelled
to include upper and lowercase characters, numbers, and punctuation,
resulting in passwords that are impossible to remember,
so they write them down. A longer password made out of three or
four words is A) harder to brute-force if someone should happen
to try and B) substantially easier to remember.
The traditional reason to limit passwords to 8 characters was that,
with the primitive hashing algorithms used in the 1940s (partly due to the
limits of what processors could handle at the time) only the first few
characters were significant anyway, so a longer password would provide
a false sense of security. In modern times, longer passwords should
be allowed if the password hashing algorithm can handle them.
Sanity? Oh, yeah, I've got all kinds of sanity. In fact, I've developed whole new kinds of sanity. Why, I've got so much sanity it's driving me crazy.
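
Added example, not part of the original post: a probe that measures how many leading bytes of a password actually influence a hashing function, so a length limit can be matched to what the algorithm handles. The function legacy_truncating_hash is a constructed stand-in for a scheme where only the first 8 bytes count, not any real algorithm; the salt, iteration count and sample passwords are also constructed.

```python
import hashlib

def legacy_truncating_hash(password: bytes, salt: bytes) -> bytes:
    # Constructed model: bytes past the 8th are silently ignored.
    return hashlib.sha256(salt + password[:8]).digest()

def pbkdf2_hash(password: bytes, salt: bytes) -> bytes:
    # Standard-library PBKDF2; iteration count kept low so the probe is quick.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1000)

def significant_length(hash_fn, probe_len: int = 128,
                       salt: bytes = b"constructed-salt") -> int:
    """Return how many leading bytes (up to probe_len) change the hash output.

    Each position of a fixed base password is mutated in turn; the highest
    position whose mutation alters the hash marks the significant length.
    """
    base = b"a" * probe_len
    reference = hash_fn(base, salt)
    significant = 0
    for i in range(probe_len):
        mutated = base[:i] + b"b" + base[i + 1:]
        if hash_fn(mutated, salt) != reference:
            significant = i + 1
    return significant

def collide(hash_fn, pw1: bytes, pw2: bytes,
            salt: bytes = b"constructed-salt") -> bool:
    """True if two different passwords verify against the same stored hash."""
    return hash_fn(pw1, salt) == hash_fn(pw2, salt)

if __name__ == "__main__":
    for name, fn in (("legacy model", legacy_truncating_hash),
                     ("PBKDF2-HMAC-SHA256", pbkdf2_hash)):
        n = significant_length(fn)
        # Constructed passphrases that differ only after the 8th character.
        same = collide(fn, b"correct horse battery", b"correct wrong guess")
        print(f"{name}: {n} significant bytes, "
              f"long passphrases collide: {same}")
```

A result equal to probe_len means no truncation was seen within the probed range; raise probe_len to test longer inputs.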