Just a small rant.I hate it when a service:

  1. restricts the MAXIMUM length of a password (FUCKING HASH IT! Use SHA-1 and it will always be 160 bit in the end)
  2. restricts the characters I can use (how hard can using UTF8 and properly escaping strings be… just HASH IT and you'll end up with something even a crappy app can work with)
  3. sends my password in cleartext when I'm recovering it (FUCKING HASH IT!)
  4. and an interesting idea (does anybody do this?):

  5. it would be nice to use javascript and hash the password on my pc…