Settings and activity

1 result found

1. Password length has arbitrary and undocumented length limit

   22 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   8 comments  ·  Account Management » Bugs  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   Malisbad supported this idea  ·  Oct 6, 2021
   An error occurred while saving the comment
   Malisbad commented  ·  Oct 6, 2021  ·  Edit…  ·  Delete…

   It doesn't pass the front end validator, but they check the password strength anyways (on the BE for some reason) to power their indicator. That probably has insufficient guarding on the backend (any number of things), and returns a -1 score for password strength. That yields a second error that quickly overwrites the original length error, and it looks silly. The problem lies _mostly_ on their backend because it shows that their validators aren't aligned, and their strength function provides incorrect results. It could be a source of problems for them.

   Save Submitting...