I got to discover that one program at work lets you change your password as expected but silently drops everything after character 16 entered while doing so. Of course that’s not mentioned in any documentation I have access to.
Been there. It’s somewhat ok if they do it consistently. E.g. registration and login form both allow more than 16 chars and then just truncate the password silently.
Worse is if the registration form does it, but the login form uses the full password you entered (or vice versa) and then the login fails because the password doesn’t match…
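The two cases described in the reply above, as an added example that is not part of the original thread: a toy credential store where truncation at 16 characters is applied when the password is set, at login, or both. The `Account` class, its flags, `set_password_strict` and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 16  # truncation length mentioned in the thread

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 parameters are illustrative assumptions, not from the thread.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)

class Account:
    """Toy store; the two flags model the password-change form and the login form."""
    def __init__(self, truncate_on_set: bool, truncate_on_login: bool):
        self.truncate_on_set = truncate_on_set
        self.truncate_on_login = truncate_on_login
        self.salt = os.urandom(16)
        self.stored = b""

    def set_password(self, password: str) -> None:
        if self.truncate_on_set:
            password = password[:MAX_LEN]  # silent truncation
        self.stored = _hash(password, self.salt)

    def login(self, password: str) -> bool:
        if self.truncate_on_login:
            password = password[:MAX_LEN]
        return hmac.compare_digest(self.stored, _hash(password, self.salt))

def set_password_strict(account: Account, password: str, max_len: int = MAX_LEN) -> None:
    """Alternative to truncating: reject over-long input so the limit is visible."""
    if len(password) > max_len:
        raise ValueError(f"password longer than {max_len} characters")
    account.set_password(password)

def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample, 28 characters
    consistent = Account(truncate_on_set=True, truncate_on_login=True)
    consistent.set_password(pw)
    mismatched = Account(truncate_on_set=True, truncate_on_login=False)
    mismatched.set_password(pw)
    return {
        "consistent_full": consistent.login(pw),              # works
        "consistent_other_tail": consistent.login(pw[:MAX_LEN] + "x"),  # tail is ignored
        "mismatched_full": mismatched.login(pw),              # user is locked out
        "mismatched_prefix": mismatched.login(pw[:MAX_LEN]),  # only the prefix works
    }

if __name__ == "__main__":
    print(demo())
```

With consistent truncation the login works, but only the first 16 characters count toward the password's strength; rejecting over-long input at set time makes the limit explicit instead.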