cancel
Showing results for 
Search instead for 
Did you mean: 

Password rules?

Astronut
Dabbler
Posts: 12
Registered: 31-01-2010

Password rules?

There appears to be a problem with the password confirmation field on the profile editing pages.
I successfully changed my password to a random string of 24 letters, numbers and symbols, then logged out and back in - no problem.
I then went back to make some profile changes and the page refused to accept the new password - neither can I now change the password while logged in.
The only way I've found to get round the problem is to follow the forgotten password process, reset the password to something really simple (short and no symbols for a start), then make my profile changes (no problems) and reset the password to the full thing again.
I've managed to establish from the html that there's actually a 20 character limit (why doesn't the password setting page say so?), but there's evidently more to it than that. The support team on the PlusNet chat line refused to deal with it as they said they couldn't reproduce it. I managed to reproduce the problem on both IE and Firefox.
It looks to me like the password reset fields and the login fields are much more forgiving than the password confirmation fields - which implies they're using different criteria for a valid password.
Problem sorted for now, but not exactly user-friendly! Some explanation of the criteria on the change/reset page would be very useful.
Jon Crew
8 REPLIES
Community Veteran
Posts: 4,915
Thanks: 335
Fixes: 16
Registered: 10-06-2010

Re: Password rules?

What bit of html gives the 20 character limit? I think the size="20" bits in places is controlling the width of the box on the screen, not how many characters can be entered into it.
Superuser
Superuser
Posts: 9,975
Thanks: 1,510
Fixes: 19
Registered: 22-08-2007

Re: Password rules?

The HTML attribute maxlength=number Specifies the maximum number of characters allowed in an <input> element
Community Veteran
Posts: 4,915
Thanks: 335
Fixes: 16
Registered: 10-06-2010

Re: Password rules?

I intended that to be asking Astronut where in the html they had found the 20 character limit, since I didn't spot it, although I did see size="20" and a maxlength on something other than the password box.
Superuser
Superuser
Posts: 9,975
Thanks: 1,510
Fixes: 19
Registered: 22-08-2007

Re: Password rules?

Understood that ejs,
I added the comment so as to inform them what controls input length and if they go looking again, what to look for.
Community Veteran
Posts: 4,915
Thanks: 335
Fixes: 16
Registered: 10-06-2010

Re: Password rules?

I have reproduced the problem exactly how Astronut described it, and now have a long password that I can log in with, but cannot change my password via the usual password change form nor can I change anything on the "Account Related Settings" page.
This is not the first time Plusnet staff seem to think that they have succeeded because they can't find or can't reproduce a problem.
Looking in wireshark, I could see the intended long passwords being submitted (in the clear, not using https), so presume the problem is server side.
Superuser
Superuser
Posts: 9,975
Thanks: 1,510
Fixes: 19
Registered: 22-08-2007

Re: Password rules?

Cool bit of diagnostics!  Front end client and back end interface specifications out of step... wonder if it causes a buffer over-run  Grin Lips are sealed
ScottStorey
Aspiring Pro
Posts: 361
Thanks: 55
Fixes: 1
Registered: 21-02-2013

Re: Password rules?

I'll have a look this weekend at the back end and raise a problem.
Community Veteran
Posts: 4,915
Thanks: 335
Fixes: 16
Registered: 10-06-2010

Re: Password rules?

Any progress on fixing this? Or is it not worth bothering to fix before the forums get replaced with something more modern looking in a few years time?