Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

My health insurance portal (Aetna, no I am not above naming and shaming) did something annoying. When I signed up I used a randomly generated three-word passphrase from my password manager. It was around 32 characters or something.

They have the fun pattern of logging you out of your account whenever you are inactive. A bit excessive for a health insurance provider imo, but whatever.

So I tried to login and guess what? Max input length for their login password is 16 characters. I literally couldn't input my password.

I had to go through a stupid process to reset my password because their sign-up front-end validations were different from their sign-in front-end validations. I had to purposely choose a less secure password even though I could technically create a password that was pretty secure, I can't sign in with it.



Heh, I had a health insurance portal that when you changed your password with their mobile app, it would let you use all the special characters. However the web app blocked (or stripped) those characters out, meaning you couldn't log in to the web app because it literally wouldn't let you type your password. Every so often the mobile app forced re-auth, and it redirected you to the web version where putting in your password wouldn't work... I likewise had a nightmare process to get it reset.


Yes, I really dislike those companies that spend so much effort blocking pasting into the second password field when filling them out so they break password managers.

Luckily it's normally easy enough to edit the tags on the text box but even so, this shouldn't be necessary.

Fucking BT.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: