Seems like the limit is 32 characters. That probably covers 99% of passwords ever made.
Even if you use a password manager you can still benefit from storing your master password as a macro, that allows you to have a very long one (at least up to 32 characters) without suffering the negative effects of that (it being a pain in the ass to type all the time).
It doesn't seem unsafe to me, although at first glance it's reasonable to be suspicious. Macro memory is lost if the keyboard is unplugged for a short amount of time, like if somebody swiped it off your desk. Nobody will know you store your password in your keyboard unless you tell them. It may be difficult to even figure out what key combinations trigger the macro; you can make it very complicated with multiple layers. As far as I know, there is no way to pull the layout back off the Ergodox and view it in the configuration tool, so you couldn't just easily look up what the macro combo is. You use 2 factor on everything important anyway right?
If somebody had access to your keyboard to do this, it would be much easier to just plug a keylogger in between the keyboard and PC.
EDIT: it seems likely I misinterpreted what they meant.
I think the parent is talking about the limit in Oryx, their online configuration tool. In Oryx, they limit macros to 4 characters. It's not because storing passwords on the keyboard is unsafe, it's because storing passwords in Oryx is unsafe. They're stored in plaintext and publicly visible.
In response to the parent, you can configure longer macros using QMK directly.
Ahh, so the restriction is in the UI not the firmware. Ok, that makes sense. It wasn't clear to me when I looked at and tried to set a macro. I still think they should just have a big red warning instead of limiting it, though.
Even if you use a password manager you can still benefit from storing your master password as a macro, that allows you to have a very long one (at least up to 32 characters) without suffering the negative effects of that (it being a pain in the ass to type all the time).
It doesn't seem unsafe to me, although at first glance it's reasonable to be suspicious. Macro memory is lost if the keyboard is unplugged for a short amount of time, like if somebody swiped it off your desk. Nobody will know you store your password in your keyboard unless you tell them. It may be difficult to even figure out what key combinations trigger the macro; you can make it very complicated with multiple layers. As far as I know, there is no way to pull the layout back off the Ergodox and view it in the configuration tool, so you couldn't just easily look up what the macro combo is. You use 2 factor on everything important anyway right?
If somebody had access to your keyboard to do this, it would be much easier to just plug a keylogger in between the keyboard and PC.
EDIT: it seems likely I misinterpreted what they meant.