I’ve just found another gem today. You know how everyone keeps saying we should use unique, long, complex passwords to improve security? And you’d especially want that with financial services: payment systems, payment processors, banks. Right?
Well, here comes motherfucking PayPal with their password gem:
Now, I applaud them for setting a minimum password length of 8 characters. But for fuck’s sake, why cap it at 20 characters maximum? WHY? You are literally telling the whole world that anyone brute forcing a user’s account will never have to try a password longer than 20 characters. And that is before we even get to the sheer stupidity of restricting users on the most basic and important thing there is in account security.
What if a user wants a 25-character password? Tough luck. 40 characters, or maybe even 150? Users should never be restricted on the upper end of length. The only cap I can accept as reasonable is something like 128 characters, and that only because a password hash has to process every byte you feed it, so some bound stops a multi-megabyte “password” from turning a login request into a denial of service. Storage is no excuse at all: the stored hash is the same size whatever the password length. If you can’t technically deliver something like this, what are you even doing with your company?
I’ve ranted at smaller services than PayPal for nonsense like this, but there is absolutely NO excuse I can accept for PayPal limiting passwords like this. They are simply too big, used by too many people, and handle real frigging money to be allowed to pull bullshit like this. Limiting password length to 20 characters is simply UNACCEPTABLE! Get your shit together, PayPal, and remove this absurd limit NOW!
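Here is what a non-absurd policy looks like in practice, as an added example that is not PayPal’s code (the limits, the helper names and the hashing parameters are my assumptions): the only thing it constrains is length, the cap exists purely to bound the work of one hash computation, and the stored record is the same size for an 8-character password and a 128-character one. The `keyspace_bits` helper puts a number on the “you are telling the whole world” point.

```python
"""Password acceptance and storage with a sane upper bound on length.

Added example, not PayPal's code: MIN_LEN, MAX_LEN, the helper names and the
PBKDF2 parameters are assumptions chosen for illustration.
"""
import hashlib
import hmac
import math
import os
import unicodedata

MIN_LEN = 8            # the minimum the post already accepts
MAX_LEN = 128          # assumed cap: room for any passphrase, still bounds hash cost
SALT_BYTES = 16
DIGEST_BYTES = 32
PBKDF2_ITERATIONS = 200_000


def _normalize(password: str) -> str:
    # NFKC so the same visible password typed on different keyboards compares equal
    return unicodedata.normalize("NFKC", password)


def check_password_policy(password: str, min_len: int = MIN_LEN, max_len: int = MAX_LEN):
    """Return (accepted, reason). Only length is constrained: every character,
    including dashes, spaces and non-ASCII, is allowed. Passing max_len=20
    reproduces the cap the post complains about."""
    n = len(_normalize(password))
    if n < min_len:
        return False, f"shorter than {min_len} characters"
    if n > max_len:
        return False, f"longer than {max_len} characters"
    return True, "ok"


def hash_password(password: str) -> bytes:
    """Salted PBKDF2-HMAC-SHA256. The stored record is always
    SALT_BYTES + DIGEST_BYTES long, whatever the password length."""
    accepted, reason = check_password_policy(password)
    if not accepted:
        raise ValueError(reason)
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(password).encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS, dklen=DIGEST_BYTES)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Constant-time comparison against a stored record. The policy is not
    re-run here (passwords that predate a tightened rule must still work);
    only absurd input sizes are rejected, to bound work on the login path."""
    if len(password.encode("utf-8")) > 16 * MAX_LEN:   # generous: NFKC may shrink input
        return False
    salt, digest = stored[:SALT_BYTES], stored[SALT_BYTES:]
    candidate = hashlib.pbkdf2_hmac("sha256", _normalize(password).encode("utf-8"),
                                    salt, PBKDF2_ITERATIONS, dklen=DIGEST_BYTES)
    return hmac.compare_digest(candidate, digest)


def keyspace_bits(alphabet_size: int, min_len: int, max_len: int) -> float:
    """log2 of the number of candidates an attacker must consider once the
    policy publishes both bounds. A 20-character cap over the 95 printable
    ASCII characters is about 131 bits, and no user can exceed it."""
    total = sum(alphabet_size ** k for k in range(min_len, max_len + 1))
    return math.log2(total)


if __name__ == "__main__":
    for pw, cap in [("x" * 25, 20), ("x" * 25, MAX_LEN), ("a-b-c-d-e-f", MAX_LEN)]:
        print(cap, check_password_policy(pw, max_len=cap))
    print(len(hash_password("x" * 8)), len(hash_password("x" * 128)))  # same size
    print(round(keyspace_bits(95, 8, 20), 1), round(keyspace_bits(95, 8, 128), 1))
```

Raising `MAX_LEN` later costs nothing, because nothing stored depends on it; lowering it would lock people out, which is why the login path never re-checks the policy and only guards against input sizes no legitimate password could have.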
Well, you ain’t seen nothing. My bank (ING) limits my internet banking account password to 5 characters. The password must be 5 numbers, no more, no less. They used to allow alphanumerical passwords in the past (I think it was 6 characters minimum, and I don’t remember the max), but they decided to cancel that because of people’s feedback that the password is too long and they forget it or it takes too long to enter.
So they decided to use a freaking PIN number of 5 characters. At least they use 2FA.
Damn… That’s a very idiotic and restrictive password policy…
And here I was complaining that my bank was forcing me to use an 8-character password (alphanumeric, at least).
They also limit the symbols you can use in your password. I like to use stems in my passwords to keep them organized, but they don’t allow dashes (-). What’s even the point of making password restrictions like that?