Edit: @Successful_Try543@feddit.org solved it. It says “one special character”. Not “at least one”.
It’s fucking insane that an internet banking portal has such a low cap on max characters and such shitty rule enforcement.
Their desktop site is even more shitty. It won’t allow right click or paste actions. There goes compatibility with password managers.
Bitwarden has a function where it types in (not pastes) the password and shows the prompt for it without right-click.
And even if theres an app for Windows (https://github.com/jlaundry/TypeClipboard) that can type it for you and even has a shortcut.
I am sure someone in the linux world knows an equivalent tool.
We use it at work to paste long passwords when remoting in.
As a super secret dev hack may I introduce you to shift + insert a fair few sites specifically block ctrl + v instead of properly disabling the clipboard action and, of course, if you read this and then submit a Jira ticket to block shift + insert… well… h8u
I usually to in the developer tools and manually disable the thing preventing the paste action. It’s usually a string to remove some JS or something or an Event that you need to uncheck
My bank’s password used to have to be exactly 6 characters, no special characters and you could use numbers and letters interchangeably because it was also your phone banking password.
a previous bank used to have a max password length of 8 characters, then proudly announced that they will increase it to 32
Then I made a typo at the end of my password and it let me in anyway, and I realised they were just trimming the first 8 characters to give the illusion of security
That is so insane. To think they would rather just clip the passwords instead of habing it be longer.
Did you try out your hypothesis by using the first 8 letters than just random junk until you hit your password length?
Visa has a hard limit of 8 and requires the first 4 to be numbers because the phone tree might require it as a password
The whole banking industry is ridiculous and is ridiculously legislated
The ERP software I have to use has a strict limit of 6 characters as password. Only alphabet and numbers allowed.
Maybe when I leave I try an SQL injection.
I had to create an account on a government website. The website didn’t list a character limit so I used a password manager to generate a 32 character password. My account was created but I couldn’t log in. I used the “forgot my password” option and I received an email of my password in plain text. I also noticed why I couldn’t log in. The password was truncated to just 20 characters. Brilliant website! Tax dollars at work!
Some internet banking sites give access after only asking for login password. They will only ask for transaction password and OTP (that will only come on phone) later on. Asking for two passwords isn’t necessarily more secure since many people will just reuse their original one again. And OTP instead of offering something like hardware security key is insane.
My bank uses 6 digit ‘customer number’ (which is set by the bank) and that’s verified with an app and a personal PIN (app shows ‘login attempt ABCD at mm.dd. hh:mm’ where ABCD is shown on login page too) or via SMS OTP (again with ‘ABCD’ verification). And again with personal pin + app or OTP to confirm transactions. The app itself can be protected with a fingerprint or phone pin and every new installation needs to be registered to the system, so I can’t just use my phone app to access my wifes account (or anyone elses) but I still can map multiple accounts (like corporate ones) to the same installation.
I think that’s pretty reasonable approach.
It is insane that any internet banking portal still uses a static password.
Time-based one-time passwords. It’s been used for years for multi-factor authentication.
seriously, I’ve never seen a bank with password login to begin with. Every bank i know of uses physical devices that you type a code into
Sweden. The little keyfob thingies have been the thing for many decades here, I would guess ever since the dawn of internet banking, but I’d have to ask my parents instead of just assuming. I used to assume that was just normal for banks in the world at large. When you want to log in, the website gives you a code, you type the code into the fob and it responds with another code you type in to the website.
Nowadays they additionally offer login via BankID, a mobile app used throughout Sweden for personal online identification.
It says one special character, not at least one. Maybe the password has more than one.
Holy shit!! You did it. I would never expect a banking password to max special characters. I have been scratching my head with Bitwarden and this shitty app for an hour.
But wouldn’t that mean the bottom checkbox should be cleared and the 2nd one should be checked?
Still doesn’t make sense.
That programmer has obviously been playing https://neal.fun/password-game/
I remember seeing the most optimal password for this game but now I can’t find it
problem is the late stages of the game the password requirements change when your password’s emojis start catching fire.
Last time I got pretty deep in, but it became impossible when the chess notation rule required Cs and Ds, making it impossible to stay below the roman numberal sum limit.
It says “one special character”. Not “at least one”.
oh. oh god. what the fuck.
If >1 special character is not allowed the last check should be failed . The second check is literally satisfied even if there are 2+ specials.
I’d not be using that bank.
