Loading Profile...
Twitter,
Facebook, or email.
Just changed my password. The new password I wanted to enter was 9 characters long, and contained a mix of upper and lower case letters, digits and punctuation. i.e. a good strong password. On attempting to save this password I got a message saying
"Passwords must be between 8 and 16 characters long, containing at least one uppercase character and digit"
My password complied with these requirements, but was not accepted. Turns out the when I removed a "?" character from the password, it became acceptable.
So (1) the error message is very unhelpful - it should also have said "and no punctuation characters" - and (2) the password validation is forcing me to use a weaker password than I would have chosen.
Hmmmm.
I’m
sad
Misleading error message when changing password
Official
Response
-
Hello everyone,
We are updating the password messaging to make it clear that symbols are not currently accepted by our system, so you are no longer misled as to what password you can use. The change has been made and will be released later this month.
We will also be looking into how we handle passwords, but that's another conversation for another day!
Many thanks,
Jake
Promoted
Response
-
Hey Julie,
I actually brought this up internally last week as part of our various security efforts, and we're currently looking at how we can enhance our password strength policy to support symbols and other characters.
In the past, it was possible to use this password for an extension password, which meant all phones we supported had to accept symbols which wasn't the case. The recent security changes have removed this restriction, and we're now able to investigate allowing this.
At the very least, I'll make sure we update that error message in the meantime and will let you know once we're able to support symbols.
-
Hey Julie,
I actually brought this up internally last week as part of our various security efforts, and we're currently looking at how we can enhance our password strength policy to support symbols and other characters.
In the past, it was possible to use this password for an extension password, which meant all phones we supported had to accept symbols which wasn't the case. The recent security changes have removed this restriction, and we're now able to investigate allowing this.
At the very least, I'll make sure we update that error message in the meantime and will let you know once we're able to support symbols.Comment -
-
-
I’m
better at updating my own websites than you seem to be
I've just fallen for this "misleading" message. Please fix it, as promised six months ago.
-
-
EMPLOYEE
I’m
confident
Hi,
I have raised this problem with our Engineering team and it has been added to their task list. I cannot place a time on when this will be implemented as it will have to compete with other tasks, some with higher priorities.
We will update this thread whenever we have any news.
Many thanks,
Jake -
-
Hello everyone,
We are updating the password messaging to make it clear that symbols are not currently accepted by our system, so you are no longer misled as to what password you can use. The change has been made and will be released later this month.
We will also be looking into how we handle passwords, but that's another conversation for another day!
Many thanks,
Jake -
