te4.org silently destroys excess password characters.
Posted: Tue Oct 21, 2014 5:04 am
I went to register, and did my usual thing -- bring up KeePassX and use it's password generation system to generate a 32-character password.
However, when I tried to login ingame, it kept rejecting it.
Finally I spotted this:
The length of the above quoted password is 30, not 32 -- the final two characters are missing. Meaning the password stored in my password wallet was different from the actual password needed to login!
Before I noticed that, I had decided to change my password to something shorter -- 16 characters long. With that, I managed to successfully login in-game.
IMO an appropriate fix would be to a) indicate the allowed size of the password (I guess it is 2-30 just like the forums), and b) actually validate the password length and give an error when appropriate.
However, when I tried to login ingame, it kept rejecting it.
Finally I spotted this:
In the email I was sent.password: PR:whgQPs^V>@ZlC)6huMJ3rpnf^^)
The length of the above quoted password is 30, not 32 -- the final two characters are missing. Meaning the password stored in my password wallet was different from the actual password needed to login!
Before I noticed that, I had decided to change my password to something shorter -- 16 characters long. With that, I managed to successfully login in-game.
IMO an appropriate fix would be to a) indicate the allowed size of the password (I guess it is 2-30 just like the forums), and b) actually validate the password length and give an error when appropriate.