We’ve all been there.

  • Affidavit@aussie.zone
    2 years ago

    Sorry, you must have a special character. Oh... Not THAT special character, it has to be a special special character, that one isn't valid. Ah, no, that one's too long. It should be shorter. It needs to be between 11 and 11.5 characters.

    Half the time I now just enter random nonsense until it lets me create an account. Then, when I want to access a website/app again, I just ‘forget’ my password and reset it to some other random nonsense.

    • Revan343@lemmy.ca
      2 years ago

      You think that’s bad, a decade ago I had to use a government-run website that required passwords be exactly 8 characters.

  • zeppo@lemmy.world
    2 years ago

    “Sorry, that password is already in use” ruins it for me. That’s not a realistic message to receive.

    Maybe “Your password cannot be one you’ve used previously”.

    • Buddahriffic@lemmy.world
      2 years ago

      It follows the vein of some of the password rules and feedback reducing security itself. Like why disallow any characters or set a maximum password length in double digits? If you’re storing a hash of the password, the hash function can handle arbitrary length strings filled with arbitrary characters. They run on files, so even null characters need to work. If you do one hash on the client’s side and another one on the server, then all the extra computational power needed for a ridiculously long password will be done by the client’s computer.

      And I bet at least one site has used the error message “that password is already in use by <account>” before someone else in the dev team said, “hang on, what?”.

  • FluffyPotato@lemmy.world
    2 years ago

    The worst one is when it only supports up to like 16 characters but doesn’t tell you, so it will only use the first 16 characters and ignore the rest. The next time you need to enter it and get the 64 character password from your password manager, it will just say it’s incorrect and you’re left with no idea why it’s wrong.

    • dlok@lemmy.world
      2 years ago

      Holy shit, you might have just explained why I have to reset my password every time for a local fast food joint’s own website.

  • average650@lemmy.world
    2 years ago

    The worst part is that if they know that password is already in use… then they aren’t storing their passwords appropriately.

    • teft@lemmy.world
      2 years ago

      You could store the passwords as hashes and just compare the hashed value.
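
An added example, not part of any comment above: a Python sketch of three points raised in this thread, namely hashing passwords of arbitrary length and content, silent truncation at sign-up, and comparing stored hashes across accounts. The function names, the PBKDF2 iteration count and the sample passwords are assumptions made for illustration; the 16-character limit is the one mentioned in the truncation comment.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this demo; tune for your hardware

def hash_password(password, salt=None):
    """Salted PBKDF2 over the full UTF-8 bytes: no length cap, no banned characters."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def register_truncating(password, limit=16):
    """The failure mode: sign-up silently keeps only the first `limit` characters."""
    return hash_password(password[:limit])

def demo():
    results = {}
    # Constructed 64-character password, as a password manager might generate.
    long_pw = "correct horse battery staple " * 2 + "!@#$%^"
    salt, digest = register_truncating(long_pw)
    # The login form does not truncate, so the full password no longer matches.
    results["full_password_accepted"] = verify(long_pw, salt, digest)
    results["first_16_chars_accepted"] = verify(long_pw[:16], salt, digest)
    # Same password on two accounts: per-account salts give unrelated digests,
    # so stored values alone do not reveal that the password is shared.
    (_, d1), (_, d2) = hash_password("hunter2"), hash_password("hunter2")
    results["same_password_same_digest"] = d1 == d2
    # NUL bytes, non-ASCII and 10,000 characters hash without special handling.
    odd = "nul\x00byte \U0001F511 " + "a" * 10_000
    s, d = hash_password(odd)
    results["odd_password_verifies"] = verify(odd, s, d)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
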

  • SevenDigitCode@lemmy.world
    2 years ago

    My favorite, though, is:

    types in password
    “Password incorrect”
    goes to reset password
    “please enter a new password”
    types in password
    “your new password cannot be the same”

      • stepone@lemmy.world
        2 years ago

        It often means that one could have derived the correct password from the set of rules - but those rules are not shown when asking for the old password.

        • 5too@lemmy.world
          2 years ago

          Exactly this. I want to normalize showing the password requirements when you don’t immediately get the password - if you made me jump through hoops the first time, at least remind me what they were!