PayPal, stop limiting password lengths you total imbeciles

I’ve just found another gem today. You know how everyone keeps saying how we should use unique long complex passwords to improve security? And you’d especially want that with financial services like payment systems, payment processors, banks… Right?

Well, here comes motherfucking PayPal with their password gem:

PayPal_Passwords.png

Now, I applaud them for limiting the minimum password length to minimum of 8 characters. But for fucks sake, why do you have to limit it to 20 characters as maximum? WHY? You’re literally telling the whole world brute forcing any users account will never ever have more than 20 characters long password. And just from sheer perspective of limiting users with the most important and basic things when it comes to account security.

What if user wants to use 25 characters long password? Tough luck. 40 characters or maybe even 150 characters? Users should NEVER be limited on the upper end of length. Only limit that I can accept as reasonable limit is something like 128 characters. If you can’t technically deliver something like this, then what are you even doing with your company?

I’ve ranted at smaller services than PayPal for nonsense like this, but there is absolutely NO excuse that I can accept with PayPal limiting passwords like this. They are simply too big, used by too many people and handle real frigging money to be allowed to do bullshit like this. Limiting password length to 20 characters is simply UNACCEPTABLE! Get your shit together PayPal and remove this absurd limit NOW!

2 thoughts on “PayPal, stop limiting password lengths you total imbeciles

  1. Well you ain’t seen nothing. My bank ( ING) limits my internet banking account password to 5 characters. The password must be 5 numbers, no more, no less. They used to allow alphanumerical passwords in the past ( I think it was 6 characters minimum and don’t remember the max ) but they decided to cancel that because of people feedback that the password is too long and they forget it or it takes too long to enter.
    So they decided to use a freaking PIN number of 5 characters. At least they use 2FA.

    Like

    1. Damn… That’s a very idiotic and restrictive password policy…

      And here I was complaining that my bank was forcing me to use a 8-characters password (alphanumeric, at least).

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s