What is your favourite password rule?

  • Ephera@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    3 months ago

    My ‘favorite’ password rules are incorrect rules. Recently signed up to a service, which looked like it hasn’t been updated since the 90s. They sent me my password via letter, but hey, I was allowed to change it digitally.

    So, I did. I set it to a reasonably long password (probably something like 22 characters), with no problems.

    Then I went to login and it refused my login. I copied my password out of my password manager, for both setting it and logging in, so there was no way that it was wrong. I quadruple checked the login name, but no luck.

    Eventually, I manually typed the password from my password manager. Then I saw it, their password field stopped accepting inputs after about 20 characters.
    Presumably, I was able to set my long password on the registration page, but the login page did not accept this long of a password. Fucking ace.
    I had to order another password letter.

    • bleistift2@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      As a website developer, it’s easy to just use the ‘maxlength’ attribute on fields you don’t want to exceed a certain length (for valid reasons or not). But then exactly this happens: A user pastes something in there, doesn’t notice that their input got truncated, and something, somewhere breaks.

      ‘maxlength’ is terrible user experience.