Trying to change password resulted in no password working

[GoogleCodeExporter]

I tried to change my account password using the password manager 1Password.  I 
generated a 30-character password, which was apparently truncated to 20 
characters by the LessWrong website.  The website now seems to reject my 
original password, the 30-character password that 1Password generated, and the 
20-character truncated password.  Sadly, I never gave Less Wrong my e-mail 
address, so I cannot use the "Forgot your password?" feature to create a new 
password.

I am using Firefox 28, Mac OS X 10.9, and 1Password 4.1.2.  My username is 
Tyrrell_McAllister.

Original issue reported on code.google.com by tmca...@gmail.com on 20 Apr 2014 at 4:50

[GoogleCodeExporter]

It appears the change password form (and login form) has a maxlength attribute 
only allowing 20 characters. This is an unnecessary restriction since the the 
code[1] that creates the password hash from a password supports a more or less 
arbitrary length.

However with some testing it appears that when the password is filled in by 
1Password it will actually exceed the maxlength no doubt leading to this 
problem. 

The maxlength should be removed or significantly increased.

[1]: 
https://github.com/tricycle/lesswrong/blob/master/r2/r2/models/account.py#L447

Note to OP: I will reply directly.

Original comment by wjmo...@gmail.com on 21 Apr 2014 at 9:40

• Changed state: Accepted
• Added labels: Milestone-Now, Priority-Medium
• Removed labels: Milestone-Future, Priority-Low