Why the Fuck is PayPal only allowing passwords up to 20 characters . Even the most useless websites aren't doing that (at least not visisible, maybe they shorten it in the backend).

I still can't get over the idea that I have to use numbers and symbols. Just give me a 30 character text password thank you. It's 2017 ffs.

#CorrectHorseBatteryStaple

@AnonymousGuy
- It's a staple.
- Correct!

The only reason I can think of is that they don't hash passwords 😵

@linuxxx oh no, please don't scare me haha

Do you wanna use an SSH key as password, lol?

@linuxxx Scary. What a shame many websites still do not use hashed passwords after a plethora of breaches lately.

@fox8091 rood

@Artemix I use MD5. Try me. (lol jk)

Cause hashing things securely burns through a lot of CPU cycles. If they don't want to put a lot of resources behind their auth service they have to limit it's load as much a possible so you aren't waiting 5+ seconds just to login. Just hope they are indeed hashing things securely.

@fox8091 SHA256 is not sufficient cryptography, even with salts. You should be using something like bcrypt.