• chaorace@lemmy.sdf.org
    17 upvotes · 1 year ago

    Is your password longer than 60 characters? If so, you should know that your actual password was truncated to 60 chars at the time of account creation. You won’t notice on the website because the login webform automatically truncates characters beyond the limit, but most 3rd-party apps don’t do this because it’s an undocumented thing.

    Basically, my advice would be to update the password in your password manager to be truncated to 60 characters and then try logging in with the app again.

    • impulse@lemmy.world
      7 upvotes · 1 year ago

      What kind of maniac would use a password that’s longer than 60 characters?

      I get that password managers are standard now, but anything outside the norm is just asking for trouble. I vividly remember updating a client’s webform to reject emojis in passwords, because for some reason people started using them and it wreaked havoc in the backend.

      • chaorace@lemmy.sdf.org
        7 upvotes · 1 year ago

        Oh man, the feeling of solving an obscure issue on the first try without having to ask for any extra hints: chef’s kiss. I’m glad I could be of assistance!

        • LoudWaterHombre@lemmy.dbzer0.com
          2 upvotes · 1 year ago

          I am very glad, also impressed by that detailed knowledge, are you working on/with lemmy? I’d whip out an award, but here are only poor men awards 🏅🏆

          • chaorace@lemmy.sdf.org
            1 upvote · 1 year ago

            Nah, I was just playing around with the API and spent the better part of a day trying to figure out why authentication wasn’t working for me (I’d been using a 64 character password 🤦)

    • twitterfluechtling@lemmy.pathoris.de
      3 upvotes · 1 year ago

      By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?

      If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.

      • chaorace@lemmy.sdf.org
        1 upvote · 1 year ago

        I agree that it’s stupid and needs to be changed.

        In any case, this is a lemmy UI thing, though the backend isn’t helping when it reports a generic bad password error instead of notifying the client that the provided password was technically impossible:

        • Issue regarding the ui silently truncating the password: lemmy-ui/#1120
        • Issue regarding the backend error issue: lemmy/#3284
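
The mismatch discussed in this thread, modelled as an added example that is not part of any post above and is not Lemmy's code. `ToyBackend`, `web_form_submit` and the PBKDF2 hash are assumptions made for illustration; only the 60-character limit comes from the thread. The `strict` mode shows the alternative the last comments ask for: an explicit rejection instead of silent truncation.

```python
import hashlib
import hmac
import os

MAX_LEN = 60  # limit reported in the thread; everything else is assumed


class PasswordTooLong(ValueError):
    pass


def web_form_submit(password):
    """Model of the web form: silently drops characters past the limit."""
    return password[:MAX_LEN]


def _hash(password, salt):
    # Stand-in KDF (assumption), chosen only because it is in the stdlib.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class ToyBackend:
    """Hypothetical server that hashes exactly the bytes it receives."""

    def __init__(self, strict=False):
        self.strict = strict
        self.users = {}

    def _check(self, password):
        if self.strict and len(password) > MAX_LEN:
            raise PasswordTooLong(f"password exceeds {MAX_LEN} characters")

    def register(self, user, password):
        self._check(password)
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))

    def login(self, user, password):
        self._check(password)
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, _hash(password, salt))


def demo():
    pw = "x7Q" * 21 + "!"  # constructed 64-character password
    server = ToyBackend()
    server.register("alice", web_form_submit(pw))  # signup via the web form
    results = {
        "web_login": server.login("alice", web_form_submit(pw)),
        "api_login_full": server.login("alice", pw),
        "api_login_truncated": server.login("alice", pw[:MAX_LEN]),
    }
    try:
        ToyBackend(strict=True).register("alice", pw)
        results["strict_error"] = None
    except PasswordTooLong as exc:
        results["strict_error"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The failing `api_login_full` case is indistinguishable from a wrong password on the non-strict backend, which is why the explicit length error matters for anyone debugging a third-party client.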