View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003334||HTML & PERL||Bug Report||public||2019-04-15 23:22||2019-06-06 14:58|
|Platform||Chrome||OS||Windows||OS Version||7 and 10|
|Target Version||Fixed in Version|
|Summary||0003334: Enhance note for password with what is allowed|
|Description||Currently the note for user registration indicates:|
ascii only character
However when using ascii characters only the system will not allow me to sign up. Using the below strings result in this error "3 - The supplied password is invalid. "
However, worth noting, my account was still somehow created and it is bound to an unknown password. After using the password helper tool I'm also unable to change the account password to a sufficiently strong password and continue to receive error 3.
If any chars between 32 - 127 are not allowable, please indicate as such.
|Additional Information||Issue 622 was marked as resolved however it seems password restrictions still are not sufficiently documented. https://tracker.anidb.net/view.php?id=622|
|Tags||No tags attached.|
||Are you using a generator like LastPass?|
As an aside, allowing any unicode characters and even longer passwords would enhance security at potentially low effort. Anything that would not be too intensive to hash on sign-in seems good. 1000 characters, whatever.
There could be stricter minimum requirements, but very generous maximums are ideal, because there are ways to devise long, memorable passwords that would not be likely to be guessed or brute-forced. (64 characters is pretty good, but I've used much longer passwords with some sites, such as Twitter).