A hash has a fixed length, including MD5. There’s no reason to cap password (input) Iength. You can hash the whole bible and still get the same length hash. So either they don’t even hash it, they’re idiots, or they try to be unnecessarily cautious to avoid some other limit / overflow, like POST max size (which would still be counted in at least KB, not several characters). The limit on what special characters you can use is also highly suspicious - that’s not how you deal with injections / escaping your inputs.
While I find your implants path very interesting, impressive and Cyberpunk worthy, I would’t use any externally accessible keys / fobs / etc myself. I wouldn’t want someone to unlock my stuff while I’m sleeping. Same reason I avoid face detection unlock. My mind is the best safe out there, I can memorize a very lengthy passphrase and have no problems typing it.
Those share buttons are trackers themselves. So it’s not about “supporting” those websites by publishing content to them, it’s about undermining the privacy of your readers and doing the opposite of what you preach, and “supporting” those websites by feeding them much more valuable user data. As another comment said, just put a button to copy the permalink and let them paste themselves if they want to share.
As for you sharing a link on the mainstream social media platforms yourself, I’d actually encourage that. Cory Doctorow auto-publishes links (not content) to his articles on as many social media platforms as he can (sorry, can’t find the article in which he describes it). The point is that he still retains control over his content by hosting it himself, he controls the (lack of) trackers and ads, and gaining traffic from these platforms is still to his and his potential readers benefit. Bending your rules a little to reach more people and maybe even convert them to be more privacy-aware is fine.