Bluehost, Thanksgiving is close, and I have a gift for you. I have found an annoying bug that I'm sure caused an increase in customer support calls.
The password validator removes symbols after 16 characters and uses that as a password instead of warning that the PW is too long and not accepting it.
When I enter this PW:
xbCjbYEzhKijQPf7kKs@-wd-cdgZwX
In the password input field, it becomes:
xbCjbYEzhKijQPf7
So people who use password managers and enter passwords longer than 16 characters are guaranteed to have issues when their saved password doesn't work.
Issues:
- Validators edit the PW that the user enters.
- At initial login, the user can still use a password longer than 16 characters.
- When the user wants to change account info and is asked for PW confirmation, this field doesn't accept a PW longer than 16 characters.
Quick fix:
- Ask the user to reset PW with the "Forgot my password" flow and make sure to use only 16-character passwords.
The right fix:
- Fix the validator to stop editing passwords people enter in the PW field.
- Test that all PW input fields follow the same rules.
- Start accepting long passwords.
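
A sketch of the difference between the behaviour described above and the right fix. This is an added example, not Bluehost's code. The function names, the field names and the 12 to 128 character policy are assumptions; only the 16-character cut-off and the sample password come from the post.

```javascript
// Added example. Everything except LEGACY_MAX and SAMPLE is hypothetical.
const LEGACY_MAX = 16; // cut-off reported in the post
const SAMPLE = "xbCjbYEzhKijQPf7kKs@-wd-cdgZwX"; // password quoted in the post

// Behaviour described in the post: the field silently keeps the first
// 16 characters and reports no error, so the user never learns that
// the stored password differs from the one their manager saved.
function truncatingField(input) {
  return { value: input.slice(0, LEGACY_MAX), error: null };
}

// Corrected behaviour: the input is never modified. It is either
// accepted exactly as typed or rejected with a message.
function strictField(input, { min = 12, max = 128 } = {}) {
  const length = [...input].length; // count code points, not UTF-16 units
  if (length < min) {
    return { value: null, error: `Password must be at least ${min} characters.` };
  }
  if (length > max) {
    return { value: null, error: `Password must be at most ${max} characters.` };
  }
  return { value: input, error: null };
}

// Consistency check for "test all PW input fields": run the same samples
// through every field and report any field that accepts a password
// while returning something other than what was typed.
function findMutatingFields(fields, samples) {
  const offenders = [];
  for (const [name, field] of Object.entries(fields)) {
    const mutates = samples.some((sample) => {
      const { value, error } = field(sample);
      return error === null && value !== sample;
    });
    if (mutates) offenders.push(name);
  }
  return offenders;
}

// Constructed field map: one corrected field, one with the reported bug.
const FIELDS = { signup: strictField, confirmChange: truncatingField };
console.log(findMutatingFields(FIELDS, [SAMPLE, "short", "a".repeat(200)]));
```
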