A couple of password fails
Nov. 1st, 2020 11:51 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
brooksmosesDear financial company:
When you require all users to change their password to comply with your new password requirements, it is entirely reasonable that the Javascript on your password-change form requires the new password to comply with the requirements.
However, requiring the old password to comply with the new requirements is ... not helpful.
Also, I know it seems like "best practices" to make everything password-like a field that obscures its inputs. This is less than helpful with one-time security codes. I would like to be able to confirm that I have entered them correctly, especially when you warn that my account "may" be locked after three unsuccessful attempts.
And, furthermore, your site is as slow as molasses.
When you require all users to change their password to comply with your new password requirements, it is entirely reasonable that the Javascript on your password-change form requires the new password to comply with the requirements.
However, requiring the old password to comply with the new requirements is ... not helpful.
Also, I know it seems like "best practices" to make everything password-like a field that obscures its inputs. This is less than helpful with one-time security codes. I would like to be able to confirm that I have entered them correctly, especially when you warn that my account "may" be locked after three unsuccessful attempts.
And, furthermore, your site is as slow as molasses.