littlesis-org / littlesis

Moved to:
https://github.com/public-accountability/littlesis-rails

Form error message when submitting an invalid password is unhelpful, returns "Invalid. Invalid." #1

Open fabacab opened 10 years ago

fabacab commented 10 years ago

When signing up to create a new analyst, if the submitted password contains "invalid" characters (such as a dot [.]), the unhelpful message "Invalid. Invalid." (sic.) is printed. It should print, "Invalid password." or something equally meaningful, instead.

Also, as a side note, why are there invalid characters or a character limit for a password field in the first place? My understanding is that a secure implementation should salt and hash the submitted password, which would result in a fixed size no matter the input length, and that this operation is orthogonal to the characters submitted, thus making all characters safe to use.
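
The salt-and-hash point raised in this issue, as an added example that is not part of the original comment and is not LittleSis code: the stored record has the same length whether the password contains dots, quotes, non-ASCII characters, or several hundred characters. The scrypt cost parameters, the `salt$digest` record layout, and the sample passwords are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed scrypt cost parameters for this sketch; tune them for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    # Normalize so the same typed password yields the same bytes on every client.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.scrypt(data, salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=DKLEN)


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex'; the record length never depends on the input."""
    salt = os.urandom(16)  # fresh random salt per password
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    salt_hex, digest_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison of the derived key against the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample passwords: punctuation, quotes, non-ASCII, a long passphrase.
SAMPLES = ["hunter.2", "p@ss'w\"ord; --", "пароль🔑", "correct horse " * 40]


def record_lengths() -> set:
    # Every sample maps to a record of identical size.
    return {len(hash_password(pw)) for pw in SAMPLES}


if __name__ == "__main__":
    print(record_lengths())
```

Because only the fixed-size hex record reaches the database, the password's characters never need to be restricted for storage reasons.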