• spechter@lemmy.ml
    link
    fedilink
    arrow-up
    33
    ·
    2 months ago

    Another favorite of mine is truncating the password to a certain length w/o informing the user.

    • NotationalSymmetry@ani.social
      link
      fedilink
      English
      arrow-up
      16
      ·
      2 months ago

      Saving the password truncates but validation doesn’t. So it just fails every time you try to log in with no explanation. The number of times I have seen this in a production website is too damn high.

    • Flipper@feddit.org
      link
      fedilink
      arrow-up
      11
      ·
      2 months ago

      The password needs to be 8 letters long and may only contain the alphabet. Also we don’t tell you this requirement or tell you that setting the password went wrong. We just lock you out.