Password Change Form Broken

[ss2342]

Currently, the password change form is broken, in that it only allows a minuscule subset of data to be used for a password. Not only is it limited to ascii only, but a subset at that. When I attempt to change my password, as I have done, I'm informed that I cannot do so.

Being a developer myself, I can't understand the rationale to such a decision, and consider this a security bug.

For reference, the forum software on the other hand allows this.

Edited June 28, 2011 by ss2342

[Locke]

Can you give an example of the complexity attempted and the complexity allowed? I currently have a mixed cap/uncapped/number/symbol password over 8 characters without issue.

[ss2342]

[quote name='Locke' timestamp='1309243157' post='2743295']
Can you give an example of the complexity attempted and the complexity allowed? I currently have a mixed cap/uncapped/number/symbol password over 8 characters without issue.
[/quote]

The form itself tells you what is accepted, anything not on that is denied. The valid characters are:
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzƒŠŒŽšœžŸÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýþÿ0123456789-!@#$%^&*()-=_+?/.;'\
I've realised that this is more than just ascii, but a subset of ascii still. As an example of characters that aren't allowed, } and | are two very obvious ones. The idea of saying "screw you" to anyone who wants to use another language for their password is annoying too.

Note: This limitation is in the Javascript only. It simply needs to be removed. Using other characters in your password is fine. (This is just to illustrate this isn't a technical problem, just a usability one).