LOJ passwords

Questions about how this site works or problems you are experiencing can be addressed here.

LOJ passwords

Postby mikeofferman » Wed Aug 10, 2016 7:45 am

John,

After seeing Sarah's post on getting her account hacked, I decided to change my password. I use a password manager, so my passwords are just random and usually around 20 characters. I notice that LOJ truncates passwords down to 15 characters, which is probably just fine. The problem is, that it doesn't tell you that this has happened (I cut and paste into the field).

Would you be able to warn the user that this has happened, and/or, expand the number of characters allowed?

Thanks,
Mike
mikeofferman
 
Posts: 141
Joined: Tue Nov 21, 2006 8:47 pm
Location: Windsor

Re: LOJ passwords

Postby John Kirk » Wed Aug 10, 2016 1:09 pm

I could remove the restriction in the form on max length of textarea, then handle passwords > 15 characters server-side with an error asking for password to be re-input with max of 15 characters. Probably the cleanest solution because client-side would need to handle too many use cases of paste, typing, onchange events, etc. Does that work for you?
User avatar
John Kirk
LoJ Architect
 
Posts: 1605
Joined: Sun Jan 02, 2005 1:04 am
Location: Lakewood, CO

Re: LOJ passwords

Postby mikeofferman » Wed Aug 10, 2016 1:19 pm

That would be fine, maybe even a little note that explains any limitations on the change password page.
mikeofferman
 
Posts: 141
Joined: Tue Nov 21, 2006 8:47 pm
Location: Windsor


Return to Site FAQ's

Who is online

Users browsing this forum: No registered users and 21 guests