Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Midnight Wolf
    13 months ago

    USAA does this. I recently learned that, when I updated my password a few years back to my personal standard number of characters, everything was good until someone mentioned this fuck-up in a thread. USAA only checks the first… 16? characters. I assume it just discards anything beyond that. Other users say that it warns and doesn’t let you enter more than that during password creation, but it/my pw mgr sure didn’t care, as I have a password several fold that limit. I took out a couple characters from my ‘set’ password, and it still logged in just fine. 16, just fine. 15, error.

    Fucking wild.

    • @Pieisawesome
      43 months ago

      I used to work there. I reported this bug every quarter until a VP told me to stop…