• doctordevice@lemm.ee
      22 upvotes · 1 year ago

      My favorite is when systems will stealth truncate your password without telling you, but only when setting it. For some reason I often encounter this with systems truncating to 20 characters.

      • Set 24 character password: no error (secretly truncated to 20 characters).
      • Try to log in: credentials invalid (it checks the full 24 character one against the 20 character one).
      • Go to reset to what it should be, password can’t be the same (again, stealth truncating to 20 characters).
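
The mismatch described in the comment above, as an added example that is not the commenter's code or any real system's: `TruncatingStore` truncates on set and reset but not on login, and `ConsistentStore` keeps the same limit but rejects over-long input visibly. The class names, the 20-character limit constant and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 20  # assumed limit, taken from the 20 characters mentioned in the comment


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TruncatingStore:
    """Reproduces the bug: truncation on set/reset, none on login."""

    def __init__(self):
        self.salt, self.digest = os.urandom(16), None

    def set_password(self, pw: str) -> str:
        pw = pw[:MAX_LEN]  # silent truncation, no error shown to the user
        new = _hash(pw, self.salt)
        if self.digest is not None and hmac.compare_digest(new, self.digest):
            return "password can't be the same"
        self.digest = new
        return "ok"

    def login(self, pw: str) -> bool:
        # Hashes the full input, so a 24-character password never matches
        # the stored hash of its first 20 characters.
        return self.digest is not None and hmac.compare_digest(
            _hash(pw, self.salt), self.digest)


class ConsistentStore(TruncatingStore):
    """Same limit, but over-long input is refused instead of being cut."""

    def set_password(self, pw: str) -> str:
        if len(pw) > MAX_LEN:
            raise ValueError(f"password longer than {MAX_LEN} characters")
        return super().set_password(pw)


def walk_through(store, pw: str):
    """The three steps from the comment: set, log in, reset to the same value."""
    return store.set_password(pw), store.login(pw), store.set_password(pw)


if __name__ == "__main__":
    print(walk_through(TruncatingStore(), "correct-horse-battery-24"))  # constructed
```
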