The worst I've seen have uncommunicated password length maximums—but don't error... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tiltowait 7 months ago | parent | context | favorite | on: Don't fuck with paste

The worst I've seen have uncommunicated password length maximums—but don't error when you exceed them. Instead, they just truncate your password, but only on creation. When authenticating, they don't truncate, so your password you just made with a password manager is "wrong".

Spotify did/does this. Made canceling my free trial really tricky, because I needed to log in again to do so.

BrandoElFollito 7 months ago [–]

SWIFT did it too. And a few other sites I forgot.

I added this check to my "why the fuck this password did not work" list of idiocies produced by incompetent developers

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact