How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
Ultimately we don’t know the implementation. I’ve seen some bad sites like stealth truncating on the registration form but leaving the login form unbounded so the password you pasted in both times doesn’t work.
Separate issue from truncating, I get suspicious when I see passwords capped to 16-20 chars for the reason you gave that they should be stored as fixed length hashes.