cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password rules?

Astronut
Grafter
Posts: 28
Thanks: 3
Fixes: 1
Registered: ‎31-01-2010

Password rules?

‎03-12-2014 11:18 AM

There appears to be a problem with the password confirmation field on the profile editing pages.
I successfully changed my password to a random string of 24 letters, numbers and symbols, then logged out and back in - no problem.
I then went back to make some profile changes and the page refused to accept the new password - neither can I now change the password while logged in.
The only way I've found to get round the problem is to follow the forgotten password process, reset the password to something really simple (short and no symbols for a start), then make my profile changes (no problems) and reset the password to the full thing again.
I've managed to establish from the html that there's actually a 20 character limit (why doesn't the password setting page say so?), but there's evidently more to it than that. The support team on the PlusNet chat line refused to deal with it as they said they couldn't reproduce it. I managed to reproduce the problem on both IE and Firefox.
It looks to me like the password reset fields and the login fields are much more forgiving than the password confirmation fields - which implies they're using different criteria for a valid password.
Problem sorted for now, but not exactly user-friendly! Some explanation of the criteria on the change/reset page would be very useful.
Jon Crew
Message 1 of 9
(4,462 Views)
Reply
0 Thanks
8 REPLIES 8
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Password rules?

‎03-12-2014 8:21 PM

What bit of html gives the 20 character limit? I think the size="20" bits in places is controlling the width of the box on the screen, not how many characters can be entered into it.
Message 2 of 9
(1,398 Views)
Reply
0 Thanks
Townman
Superuser
Superuser
Posts: 25,330
Thanks: 10,898
Fixes: 195
Registered: ‎22-08-2007

Re: Password rules?

‎05-12-2014 11:10 AM

The HTML attribute maxlength=number Specifies the maximum number of characters allowed in an <input> element

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Message 3 of 9
(1,398 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Password rules?

‎05-12-2014 1:34 PM

I intended that to be asking Astronut where in the html they had found the 20 character limit, since I didn't spot it, although I did see size="20" and a maxlength on something other than the password box.
Message 4 of 9
(1,398 Views)
Reply
0 Thanks
Townman
Superuser
Superuser
Posts: 25,330
Thanks: 10,898
Fixes: 195
Registered: ‎22-08-2007

Re: Password rules?

‎05-12-2014 1:48 PM

Understood that ejs,
I added the comment so as to inform them what controls input length and if they go looking again, what to look for.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Message 5 of 9
(1,398 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Password rules?

‎05-12-2014 6:42 PM

I have reproduced the problem exactly how Astronut described it, and now have a long password that I can log in with, but cannot change my password via the usual password change form nor can I change anything on the "Account Related Settings" page.
This is not the first time Plusnet staff seem to think that they have succeeded because they can't find or can't reproduce a problem.
Looking in wireshark, I could see the intended long passwords being submitted (in the clear, not using https), so presume the problem is server side.
Message 6 of 9
(1,398 Views)
Reply
0 Thanks
Townman
Superuser
Superuser
Posts: 25,330
Thanks: 10,898
Fixes: 195
Registered: ‎22-08-2007

Re: Password rules?

‎05-12-2014 6:52 PM

Cool bit of diagnostics!  Front end client and back end interface specifications out of step... wonder if it causes a buffer over-run  Grin Lips_are_sealed

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Message 7 of 9
(1,398 Views)
Reply
0 Thanks
ScottStorey
Pro
Posts: 410
Thanks: 130
Fixes: 1
Registered: ‎21-02-2013

Re: Password rules?

‎05-12-2014 9:55 PM

I'll have a look this weekend at the back end and raise a problem.
Message 8 of 9
(1,398 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Password rules?

‎16-01-2015 8:53 AM

Any progress on fixing this? Or is it not worth bothering to fix before the forums get replaced with something more modern looking in a few years time?
Message 9 of 9
(1,398 Views)
Reply
0 Thanks