BUG: Incorrect and Inconsistent Password Handling Causing Errors

[PcFwHvpzUK4th56cuRqh]

I missed the text stating that the maximum allowed password length was 32 characters and entered a 175 character password. The web form accepted the invalid password without any error or warning messages and issued a registration confirmation email. I was unable to log in and was forced to use the password reset system to access my new account.

 

Once logged in the Change Password utility also accepted the original 175 character password without any error or warning messages, but it functioned correctly, and I am now able to log in with my original, properly secure, password.

 

 

This is a bug; there should never be a maximum length restriction on passwords. If such a restriction is instituted anyway, then the maximum length should be an absurdly large number and the registration and password change utilities should refuse to accept anything that does not meet the password policy. I have not tested it, but I presume that the registration form is silently truncating entered passwords to 32 characters.

 

 

I don't recall ever seeing a minimum password length of 3. That is incredibly weak.

[bben46]

175 character password may be a bit of overkill for a game site. :tongue:

My guess would be that if the password is too long it would just be truncated and use the first 32 characters.

We have had some non English or non standard characters be rejected, but as far as I know only on the NMM log in and not the site log in. This has caused some confusion as both are supposed to be the same password. But a password may be accepted on the site, and then the same password rejected by the NMM log in as they do use a different password system.

 

And yes, 3 is weak - but we do recommend using something longer. Personally I recommend a password greater than 10 characters. And a different password than you are using for any other site.