Comment by terribleperson
6 hours ago
You say locking oneself out, but I decline to consider any situation where a password can be set but not later entered as one where the user bears even a modicum of fault.
6 hours ago
You say locking oneself out, but I decline to consider any situation where a password can be set but not later entered as one where the user bears even a modicum of fault.
I remember a website that silently removed everything but the first 8 characters from the "password" field upon registration but somehow didn't do the same on the login page. It took me several hours and several password resets to actually log in after registration, since for some reason the trimming happened client-side and only when typing the password manually (and I was pasting my password from a password manager).
We're so far down this path the language around the problem is distorted. Ownership has been perverted and the only thing you control is the bill.
Relevant xkcd: https://xkcd.com/2700/