bellroy / lesswrong

Less Wrong platform
http://lesswrong.org/

Trying to change password resulted in no password working #525

Open frediy opened 9 years ago

frediy commented 9 years ago

From tmca...@gmail.com on April 20, 2014 14:50:57

I tried to change my account password using the password manager 1Password. I generated a 30-character password, which was apparently truncated to 20 characters by the LessWrong website. The website now seems to reject my original password, the 30-character password that 1Password generated, and the 20-character truncated password. Sadly, I never gave Less Wrong my e-mail address, so I cannot use the "Forgot your password?" feature to create a new password.

I am using Firefox 28, Mac OS X 10.9, and 1Password 4.1.2. My username is Tyrrell_McAllister.

Original issue: http://code.google.com/p/lesswrong/issues/detail?id=428

frediy commented 9 years ago

From wjmo...@gmail.com on April 21, 2014 14:40:20

It appears the change password form (and login form) has a maxlength attribute only allowing 20 characters. This is an unnecessary restriction since the code[1] that creates the password hash from a password supports a more or less arbitrary length.

However, with some testing, it appears that when the password is filled in by 1Password it will actually exceed the maxlength, no doubt leading to this problem.

The maxlength should be removed or significantly increased.

[1]: https://github.com/tricycle/lesswrong/blob/master/r2/r2/models/account.py#L447

Note to OP: I will reply directly.

Status: Accepted
Labels: -Priority-Low -Milestone-Future Priority-Medium Milestone-Now
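
The mismatch described in the comment above, as an added example that is not part of the original thread or the LessWrong code base: a password set through one input path and submitted through another hashes differently once it is longer than the form's maxlength. The KDF is a stand-in and the function names are hypothetical; only the 20-character limit comes from the issue.

```python
import hashlib
import hmac
import os

FORM_MAXLENGTH = 20  # the form limit reported in the issue


def hash_password(password: str, salt: bytes) -> bytes:
    # Stand-in KDF for the demo (assumption); not the code in account.py.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def typed(password: str) -> str:
    # Keyboard or paste input: the browser cuts it at maxlength.
    return password[:FORM_MAXLENGTH]


def script_filled(password: str) -> str:
    # Value set by an autofill script: per the comment, it can exceed maxlength.
    return password


def login_succeeds(password: str, set_via, login_via) -> bool:
    """Set the password through one input path, then log in through another."""
    salt = os.urandom(16)
    stored = hash_password(set_via(password), salt)
    return hmac.compare_digest(stored, hash_password(login_via(password), salt))


def outcome_matrix(password: str) -> dict:
    """Login result for every (set path, login path) combination."""
    paths = {"typed": typed, "script_filled": script_filled}
    return {(s, l): login_succeeds(password, paths[s], paths[l])
            for s in paths for l in paths}


if __name__ == "__main__":
    generated = "k3Qz-Vw8p_Lm2Xr7Tn5Yb9Hc4Jd6Fs"  # constructed 30-character sample
    for (set_via, login_via), ok in outcome_matrix(generated).items():
        print(f"set via {set_via:13} login via {login_via:13} -> {'ok' if ok else 'REJECTED'}")
```

Passwords of 20 characters or fewer pass on every path, which is why the limit goes unnoticed until a longer generated password is used.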