Completely agree. For example, I use two-factor authentication on all accounts that allow me to. Regarding limiting to 12 characters, the sites in question there are putting there users at risk and it's very likely they aren't storing passwords correctly, leaving anything you put in that password box vulnerable anyway.