Index  | Recent Threads  | Unanswered Threads  | Who's Active  | Guidelines  | Search
 
World Community Grid Forums
  Category: Support
  Forum: Website Support
  Thread: Website login does not allow longer passwords, but reset password does.

Quick Go »
No member browsing this thread
Thread Status: Active
Total posts in this thread: 4
[ Jump to Last Post ]
Post new Thread
Author
Previous Thread This topic has been viewed 2352 times and has 3 replies Next Thread
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Website login does not allow longer passwords, but reset password does.
As a general rule I use, if possible at least sixty-four (64) character passwords on everything, mostly so I can find all the sites out there which stink (e.g. American Express) and block long passwords arbitrarily. When resetting my password on World Community Grid today I saw a helpful note (thanks!) about 100 character passwords being allowed, so of course I decided to use that length:

> openssl rand -base64 75 | tr -d '\n' ; echo


The resulting password is something like this (sorry that this is wrapping):
cRyZdBEewtd9XgzBLF9J4lmAdlqThnaTYIsfHCmrcDEzRmMAxjoIffUQKlM3UA7HSAU4EhXW0cl185xAkAaiXdqaTivaxN
IY58kbx


The generated string is nice and long, and the website took it without issue, and that was great. Next I tried to login, and apparently I was not copying/pasting my password correctly, but of course copying/pasting is pretty reliable. I checked the HTML of the password field on the login page (vs. the one on the password reset page) and saw it limits the field input to sixty (60) characters. Changing this (thanks Firefox) to 100 I was then able to paste my 100 character password and successfully login without issue.

Takeaway: Please change maxlength="60" to maxlength="100" on the login form to (I presume, but have not checked) match the password reset form.

Aaron Burgemeister
Identity / Security / Linux Consultant
[Oct 19, 2018 4:32:30 PM]   Link   Report threatening or abusive post: please login first  Go to top 
BladeD
Ace Cruncher
USA
Joined: Nov 17, 2004
Post Count: 28976
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
shock Re: Website login does not allow longer passwords, but reset password does.
Bump...someone should at least say, okay, we will look into this.
----------------------------------------
MyCity
[Nov 12, 2018 7:40:52 AM]   Link   Report threatening or abusive post: please login first  Go to top 
uplinger
Former World Community Grid Tech
Joined: May 23, 2005
Post Count: 3952
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
Re: Website login does not allow longer passwords, but reset password does.
I'm taking a look at the code to see what changes need to be made.

Thanks,
-Uplinger
[Nov 14, 2018 4:20:03 PM]   Link   Report threatening or abusive post: please login first  Go to top 
uplinger
Former World Community Grid Tech
Joined: May 23, 2005
Post Count: 3952
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
Re: Website login does not allow longer passwords, but reset password does.
We are working on a fix for this and hope to have it in the next release.

Note: for a temporary work around, you should be able to navigate to another page and click the login button in the top left and type in your full password there.

Thanks,
-Uplinger
[Nov 15, 2018 4:26:30 PM]   Link   Report threatening or abusive post: please login first  Go to top 
[ Jump to Last Post ]
Post new Thread