How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
Note that for others reading this, what normal people think of as too long probably doesn’t signify. Some asshat somewhere may have decided greater than something like 8 characters is “too long.” Without telling you. Said asshat may indeed even be on the database side, and concluded somehow that varchar(8) should be sufficient for storing passwords. Right???
It is not only easy for flagrantly badly designed web systems to display this behavior, but also depressingly common. And more closely the page or system you’re using is related to your local government, the probability of it being hilariously incompetently designed moves ever closer to becoming 1.
Ya know what’s actually even more absurd? The password was truncated on creation. The webpage allowed me to type 36 characters into the field, then only saved the first 30 of them.
I verified the full 36 character password before creating the account, and was immediately met with “wrong password.” Noticed the 30 character limit when looking at the password change form, and tried cutting the last 6 characters off my existing password, which unfortunately was successful.
So not only did somebody forget a maxlength=30 on the field, but their validation on the server side was also crap. Genius!