Lots and lots of legacy systems do this, very low limit, case insensitive, numbers and letters only. I know of a major retailer with 10 character, case insensitive, alpha numeric for All their systems. Why? Because that’s the lowest common denominator (as400).
That's how my dentist's billing website works. Except it's limited to 8 alphanumeric characters, not 10, and they were quite happy to accept my pasting a 16-character generated password into the field. Unfortunately, they don't have a password reset link; instead, the you call the receptionist and they read out your password to you over the phone. This isn't a legacy system, either. I can only imagine the backend is written in QBasic or something.
Try changing the last two characters and see if it still lets you in. It's not that uncommon that people mix up when to filter input and when to validate it.
Lots and lots of legacy systems do this, very low limit, case insensitive, numbers and letters only. I know of a major retailer with 10 character, case insensitive, alpha numeric for All their systems. Why? Because that’s the lowest common denominator (as400).
That's how my dentist's billing website works. Except it's limited to 8 alphanumeric characters, not 10, and they were quite happy to accept my pasting a 16-character generated password into the field. Unfortunately, they don't have a password reset link; instead, the you call the receptionist and they read out your password to you over the phone. This isn't a legacy system, either. I can only imagine the backend is written in QBasic or something.
I have a 14 character WFC password, seemingly works fine.
Try changing the last two characters and see if it still lets you in. It's not that uncommon that people mix up when to filter input and when to validate it.
Tried and failed (to login). Looks like they are at least validating my entire password.