Password set fields that have a maximum length equal to the max length password they accept.
If you have a max length, your input fields should allow more characters and then error stating the password is too long. I have seen systems that for reasons (that were valid when the decision was made) had low max password lengths. Newer systems that were built on top of it silently truncated passwords to this max length on both setting and validating, so users thought they had longer passwords than they actually had. Increasing users password lengths then became an issue because you have to allow the increase in both the password set and input fields, but can't because users could then input what they correctly think their password is and recieved an invalid username/password error.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Password set fields that have a maximum length equal to the max length password they accept.
If you have a max length, your input fields should allow more characters and then error stating the password is too long. I have seen systems that for reasons (that were valid when the decision was made) had low max password lengths. Newer systems that were built on top of it silently truncated passwords to this max length on both setting and validating, so users thought they had longer passwords than they actually had. Increasing users password lengths then became an issue because you have to allow the increase in both the password set and input fields, but can't because users could then input what they correctly think their password is and recieved an invalid username/password error.