• trafficnab@lemmy.ca
    link
    fedilink
    arrow-up
    5
    ·
    8 months ago

    Unless they’ve changed it very recently, Paypal still limits your password to 20 characters

      • trafficnab@lemmy.ca
        link
        fedilink
        arrow-up
        6
        ·
        8 months ago

        Air Canada’s online account system required a 6 character password, which was secretly converted via T9 to 6 numbers on the back end, meaning “aaaaaa” and “bbbbbb” were effectively the same password, and this was only fixed in 2018

        • 4z01235@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          That sounds like someone who topped out with highschool level programming tried to implement a hash algorithm.

          • trafficnab@lemmy.ca
            link
            fedilink
            arrow-up
            4
            ·
            8 months ago

            My personal theory is that it’s a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it

    • MeanEYE@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      8 months ago

      Any service that limits maximum length of the password means they are not hashing them. Which is a scary proposition, especially for such a huge service.

      • trafficnab@lemmy.ca
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        That’s normally my assumption too but surely PayPal has proper security, right? Right??

        • MeanEYE@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          It’s possible that limit is either gone or vestige from a bygone age and they are hashing passwords properly now. Either way they do seem like they take security seriously.