Notifications
Clear all

Minor Issue with Password change procedure


Steve Cross
(@steve-cross)
Active Member
Joined: 2 months ago
Posts: 14
Topic starter  

Hi,

As a retired I.T. geek, I'm perhaps a lot more cautious about computer security than most people. So the first thing I always do on a new site is change to a new, long password. My password manager (1Password) is set to generate a 30 character random password when I need a new one.

Which "seemed" to work just fine when I did the "old ... new ... verify" process on the account page. No errors or anything and the password was changed. However, I could not login when I tested it on a different machine.

Fortunately (being a paranoid sort), I was still logged in on my laptop and was able to determine that the reset page and the login page both silently discard anything over 20 characters. However, the reset page ignores the extra and succeeds in changing the password, but the login page fails with no indication why. 

Perhaps you could put a message on the password reset page indicating the 20 character maximum length.


Quote
DroneBot Workshop
(@dronebot-workshop)
Workshop Guru Admin
Joined: 2 years ago
Posts: 1004
 

Hi Steve

Yes, the forum software imposes a 6-20 character restriction on passwords. I've changed the message on the password change section of the user profile page to reflect this.

😎 

Bill

"Never trust a computer you can’t throw out a window." — Steve Wozniak


ReplyQuote