Password Related Stuff I Hate
Just a small rant. I hate it when a service:
- restricts the MAXIMUM length of a password (FUCKING HASH IT! Use SHA-1 and it will always be 160 bit in the end)
- restricts the characters I can use (how hard can using UTF8 and properly escaping strings be… just HASH IT and you'll end up with something even a crappy app can work with)
- sends my password in cleartext when I'm recovering it (FUCKING HASH IT!)
- it would be nice to use JavaScript and hash the password on my PC…
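
The first two complaints, as an added example that is not part of the original post: a password of any length and any Unicode content reduces to a fixed-size digest, so the service has no reason to cap either. It uses salted PBKDF2-HMAC-SHA256 from Python's standard library rather than the bare SHA-1 the post names; the iteration count, the NFKC normalisation step and the function names are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
DIGEST_LEN = 32       # stored digest is always 32 bytes, whatever the input


def _encode(password: str) -> bytes:
    # NFKC-normalise so the same visible password typed as composed or
    # decomposed characters (different keyboards/OSes) gives the same bytes.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def hash_password(password: str, salt: bytes | None = None,
                  iterations: int = ITERATIONS) -> tuple[bytes, bytes]:
    """Return (salt, digest). No length or character restrictions needed."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", _encode(password), salt,
                                 iterations, dklen=DIGEST_LEN)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = ITERATIONS) -> bool:
    _, digest = hash_password(password, salt, iterations)
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample passwords: short ASCII, mixed Unicode, 10,000 chars.
    for pw in ["hunter2", "pässwörd ☃ 密码", "x" * 10_000]:
        salt, digest = hash_password(pw)
        print(len(pw), len(digest), verify_password(pw, salt, digest))
```

Only the salt and digest are stored, which is also why a service built this way cannot mail the original password back during recovery.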
and an interesting idea (does anybody do this?):