We’ve all been faced with this screen, right? You haven’t logged in to a website for a while, so it prompts you to change your password.
sigh Annoying but probably necessary.
The problem was, every time I tried to change my password, it told me that my old password was invalid. The one that I’d just used to log in. I use the incredible LastPass Password Manager – so I knew I wasn’t typing it incorrectly.
It took a few tries, but I finally figured out what was going wrong. When I’d set up the account, LastPass had generated a secure 32 character password. But the “old password” field had artificially restricted passwords to a maximum of 20 characters.
Well, that’s easy enough to change! Crack open Firefox’s Inspect Element tool, change the
maxlength value, and submit again.
What utter cockwombles.
Can you see any mention of a maximum length in the password rules? Minimum, sure, but no max.
Naturally, this 20 character restriction isn’t enforced on the login page.
Take a bow, “Willis Towers Watson”, your web developers are actively making the world a worse place. I’d ring you up to complain, but naturally you’re closed on a Sunday.