Page 1 of 1

LOJ passwords

PostPosted: Wed Aug 10, 2016 7:45 am
by mikeofferman

After seeing Sarah's post on getting her account hacked, I decided to change my password. I use a password manager, so my passwords are just random and usually around 20 characters. I notice that LOJ truncates passwords down to 15 characters, which is probably just fine. The problem is, that it doesn't tell you that this has happened (I cut and paste into the field).

Would you be able to warn the user that this has happened, and/or, expand the number of characters allowed?


Re: LOJ passwords

PostPosted: Wed Aug 10, 2016 1:09 pm
by John Kirk
I could remove the restriction in the form on max length of textarea, then handle passwords > 15 characters server-side with an error asking for password to be re-input with max of 15 characters. Probably the cleanest solution because client-side would need to handle too many use cases of paste, typing, onchange events, etc. Does that work for you?

Re: LOJ passwords

PostPosted: Wed Aug 10, 2016 1:19 pm
by mikeofferman
That would be fine, maybe even a little note that explains any limitations on the change password page.