Jump to content

Password Change Form Broken


Recommended Posts

Currently, the password change form is broken, in that it only allows a minuscule subset of data to be used for a password. Not only is it limited to ascii only, but a subset at that. When I attempt to change my password, as I have done, I'm informed that I cannot do so.

Being a developer myself, I can't understand the rationale to such a decision, and consider this a security bug.

For reference, the forum software on the other hand allows this.

Edited by ss2342
Link to comment
Share on other sites

[quote name='Locke' timestamp='1309243157' post='2743295']
Can you give an example of the complexity attempted and the complexity allowed? I currently have a mixed cap/uncapped/number/symbol password over 8 characters without issue.

The form itself tells you what is accepted, anything not on that is denied. The valid characters are:
I've realised that this is more than just ascii, but a subset of ascii still. As an example of characters that aren't allowed, } and | are two very obvious ones. The idea of saying "screw you" to anyone who wants to use another language for their password is annoying too.

Note: This limitation is in the Javascript only. It simply needs to be removed. Using other characters in your password is fine. (This is just to illustrate this isn't a technical problem, just a usability one).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...