Inconsistent Password Length Requirements and Being Locked Out

PB Forum :: Bug Reports
Inconsistent Password Length Requirements and Being Locked Out
Previous Page | Next Page
Author Message
Posted: May 25, 2014 at 15:21 Quote
In recently changing my Pinkbike credentials, I came across an issue with long passwords.

On the password change form (u/username/changepassword/) you are free to enter a password as long as you like. When changing mine, I opted for 40 random alphanumeric characters and symbols, which was duly accepted. Unfortunately, when I tried to log back in on another computer, my access was denied with the error "This field must be less than 22 characters" (not that my password was incorrect, it obviously doesn't get that far).

My only option was to proceed through the password reset form, email, and and code-verification steps to reset my password. When I did and I was prompted to enter a new password, I again attempted 40 characters but was given the same "less than 22" message. I tried 22, just to be sure, but got the error again, so it's definitely less than 22, or in other words len(pass)=21, which itself seems a rather arbitrary number.

Please fix the user-profile password change form to enforce a consistent character limit on passwords as is present everywhere else so people don't end up in the same password loop I did. It'd be nice if the overall limit was also increased to something like 40, but I guess 21 will do for now.

Posted: Aug 18, 2014 at 10:42 Quote
Did this ever get reviewed?

Copyright © 2000 - 2019. All rights reserved.
dv65 0.011043
Mobile Version of Website