• psud@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    My electric and gas utility truncates passwords, but lets you type hundreds of chars when setting a new password

    To log in, you need to intuit how much of your password they’re using, if you enter too many chars it fails like in the op image

      • psud@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Step 1: create a 20 character password, store it in your password manager

        Step 2: the account creation process keeps the first 16 characters

        Step 3: attempt to log in with the 20 character password, fail.

        I found the 16 character maximum in the password rules in their FAQ, so tried the first 16 chars of my password and it worked, so the above must be how it worked

        • Swarfega@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          The text boxes shouldn’t have a character limit on them for this very reason. If they need to configure a limit they should allow the form to be submitted but return an error telling it’s too many characters. Truncating the user’s input is really bad for the exact reason you mention.

          There’s a lot of sites with bad ways of handling credentials. I really hate sites that stop you from pasting in passwords.

          • psud@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            My bank used to block pasting, so I used a browser extension version of KeePass to auto type

            Luckily they changed that policy when password managers became the main recommended method of handling passwords

            So I no longer know my bank password, I saw it once when I accepted what KeePass generated