Comment by davchana
6 years ago
The Indian version of personal retirement fund NPA website does this, I learnt a lesson. Every certain weeks you Have to change password. No big deal. I will just add an incremental number. Ok, password now is PasswordPass1. Lets login, Wrong password? Why? Error Password length exceeded.
So, the password change page will accept any length password, will silently truncate it if longer & save it. Now on login page you have to guess the password length or reset.
No comments yet
Contribute on Hacker News ↗