You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(I use pass, and this is a 128 character password generated by it).
It is not clear in what way such a password is not valid.
I have noticed that when typing a password, it explains if the password is too short, or doesn't contain numbers or special characters. Length is a good requirement, but special characters, etc. are not: https://pages.nist.gov/800-63-3/
Despite being well-intentioned, in practice such requirements reduce overall password security.
Expected Behavior
It should accept my password. There is no reason not to accept it. Passwords of length up to 1024 are generally reasonable to accept (limiting the network request payload size only. Once hashed they're all the same size anyway.
In our application, the maximum size of a password can be 70 characters. That's why your password is invalid.
We didn't think this case would come where users trying to use a password that is more than 70 characters long. So, may be because of that, this error was not handled properly.
Bug Description
Logging in to a new account and entering a password like this:
(I use
pass
, and this is a 128 character password generated by it).It is not clear in what way such a password is not valid.
I have noticed that when typing a password, it explains if the password is too short, or doesn't contain numbers or special characters. Length is a good requirement, but special characters, etc. are not: https://pages.nist.gov/800-63-3/
Despite being well-intentioned, in practice such requirements reduce overall password security.
Expected Behavior
It should accept my password. There is no reason not to accept it. Passwords of length up to 1024 are generally reasonable to accept (limiting the network request payload size only. Once hashed they're all the same size anyway.
Actual Behavior
When I try to use this to set a password:
The server responded with a
400
:Steps To Reproduce
Provide an unambiguous set of steps to reproduce this bug. Include code or configuration to reproduce, if relevant.
Context For The Bug
I was trying to set a password so I could explore hyperswitch's sandbox
Environment
This is on current hyperswitch.io
Have you spent some time checking if this bug has been raised before?
Have you read the Contributing Guidelines?
Are you willing to submit a PR?
No, I don't have time to work on this right now
The text was updated successfully, but these errors were encountered: