Bug 507398 - Forum accepts change to overlong passwords
Summary: Forum accepts change to overlong passwords
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Forums
Hardware: All All
Importance: Normal normal
Assignee: Forum Moderators
Reported: 2014-04-11 10:12 UTC by Allan Wegan
Modified: 2014-04-11 14:58 UTC
Description Allan Wegan 2014-04-11 10:12:22 UTC
I just changed my forum password to keepass-generated 40 random chars (my current standard for _all_ passwords) and can not log on with that new password.
This behaviour is sadly a common one. The software just accepts the long password but truncates it internally to an undisclosed length, leaving it up to the user to click on forgot password on next login to resolve the situation...


Reproducible: Always

Steps to Reproduce:
1. Change password to 40 chars length.
2. Try to login with new password.

Actual Results:  
Could not login using new password.

Expected Results:  
Successful login using new password.
Comment 1 Tom Knight (RETIRED) gentoo-dev 2014-04-11 14:09:07 UTC
All password fields are limited to 32 characters in the HTML which is the same length as the database column, so it's not possible to type in a 40 character password.
Comment 2 Allan Wegan 2014-04-11 14:58:19 UTC
> All password fields are limited to 32 characters in the HTML which is the
> same length as the database column, so it's not possible to type in a 40
> character password.

And of course I would not use such long passwords for such low-risk sites if I had to actually _type_ it in. I did not try to type it. I pasted it. That's why I use a password manager - so I do not need to type passwords myself. I just hit the button and let KeePassX paste it in. I did not notice that some stars were missing in the field after pasting. But I knew of arbitrary length restrictions from other sites before. Limiting the entropy of passwords is nothing new on the internet.

Well, it's only a usability bug - so I did not have much hope for a fix anyway...
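
The failure mode discussed in this thread, as an added example that is not part of the bug report and is not the forum's code: a password-change path that silently cuts input at the 32-character limit quoted in comment 1, next to a variant that rejects over-long input with an explicit error. The class names, the PBKDF2 hashing and the assumption that only the change path truncates are illustrative; the thread does not say where the truncation actually happened.

```python
import hashlib
import hmac
import os

MAX_LEN = 32  # limit quoted in comment 1; everything else here is constructed


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TruncatingStore:
    """Failure mode: the change path silently cuts the input, the login path does not."""

    def __init__(self):
        self.salt, self.digest = os.urandom(16), b""

    def set_password(self, password: str) -> None:
        self.digest = _hash(password[:MAX_LEN], self.salt)  # silent truncation

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(password, self.salt))


class RejectingStore(TruncatingStore):
    """Hardened: refuse over-long input with an explicit error instead of cutting it."""

    def set_password(self, password: str) -> None:
        if len(password) > MAX_LEN:
            raise ValueError(f"password exceeds {MAX_LEN} characters; nothing was changed")
        self.digest = _hash(password, self.salt)


def demo() -> dict:
    pw40 = "A1b2C3d4E5" * 4  # constructed 40-character sample password
    weak = TruncatingStore()
    weak.set_password(pw40)  # accepted without any warning
    results = {
        "weak_full_login": weak.check(pw40),                 # user is locked out
        "weak_truncated_login": weak.check(pw40[:MAX_LEN]),  # only the cut form works
    }
    strong = RejectingStore()
    try:
        strong.set_password(pw40)
        results["strong_rejected"] = False
    except ValueError:
        results["strong_rejected"] = True  # user learns the limit at change time
    strong.set_password(pw40[:MAX_LEN])
    results["strong_login"] = strong.check(pw40[:MAX_LEN])
    return results


if __name__ == "__main__":
    print(demo())
```

Because the stored value in this sketch is a fixed-length digest, the length limit is a policy choice that could be raised without changing storage.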