I'll take a look - that seems wacky. I'm using devise for authentication and it probably has that set as a default somewhere. Passwords are stored as bcrypt hashes, so length shouldn't matter.

Edit: Max length bumped to 80. If anyone has a legit need past that, let me know :P