|
|
|
|
|
|
by jrockway
3336 days ago
|
|
|
It's one thing to reject special characters at password change time, that's silly but not massively insecure. It's another thing to modify passwords at rest to delete the special characters. (However, the backend could easily have always been doing that, and the frontend changed from silently deleting what you typed to refusing to accept what you typed.) It's silly but probably has to do with some percentage of customers not realizing that - and _ aren't the same character or something. |
|
|