How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
this post was submitted on 10 Jan 2025
304 points (95.5% liked)
Cybersecurity - Memes
2063 readers
4 users here now
Only the hottest memes in Cybersecurity
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've had a similar experience with a service that automatically truncated passwords if they were too long
Note that for others reading this, what normal people think of as too long probably doesn't signify. Some asshat somewhere may have decided greater than something like 8 characters is "too long." Without telling you. Said asshat may indeed even be on the database side, and concluded somehow that varchar(8) should be sufficient for storing passwords. Right???
It is not only easy for flagrantly badly designed web systems to display this behavior, but also depressingly common. And more closely the page or system you're using is related to your local government, the probability of it being hilariously incompetently designed moves ever closer to becoming 1.
Ya know what's actually even more absurd? The password was truncated on creation. The webpage allowed me to type 36 characters into the field, then only saved the first 30 of them.
I verified the full 36 character password before creating the account, and was immediately met with "wrong password." Noticed the 30 character limit when looking at the password change form, and tried cutting the last 6 characters off my existing password, which unfortunately was successful.
They must have been storing your password in plaintext on their end in order for that to work.
So not only did somebody forget a maxlength=30 on the field, but their validation on the server side was also crap. Genius!