[TechBro8615]

I've never had a website outright reject certain special characters, but I've had some passwords silently accepted at signup and then rejected at login. So I usually randomize the password until it doesn't include any backslashes or asterisks...

[ThunderSizzle]

I've had this happen on pure length. I believe KeePass defaults to 20 characters. I've seen websites accept 20 characters on sign up, but internally, the log in only accepts 12 characters, but it doesn't truncate the input either. I had to enter the first 12 characters and submit the form, and it worked.

I was completely baffled on why it was designed that way - if you're going to truncate the password, the login field should do the same.

[ipython]

Omg you must have incredible luck when filling out sign in forms. There must be some sort of sadistic instinct on the types of people who design password forms. I’ve had passwords rejected for being too long (over 15 characters), including the “wrong” kind of special characters, having the same character repeated twice in a row, not having enough numbers, just to name ones I can remember off the top of my head. Oh the best ones don’t tell you the rules until after you’ve been rejected.

A special place in hell is reserved for those websites that consider themselves too cool for a password manager. They actively block auto fill or cut & paste in the password field. I don’t envy the 1password devs for having to put up and work around this stuff.

[pwg]

> They actively block auto fill or cut & paste

Firefox -- set the "dom.event.clipboardevents.enabled" setting in about:config to 'false'. No more "actively blocking paste" by websites.

[ipython]

Don’t get me wrong I appreciate the hacks. But I can’t exactly walk my father in law through that process when he hardly understands what a password manager is and why it’s important in the first place. Plus this doesn’t help at all on mobile.

[pwg]

> I've never had a website outright reject certain special characters,

This is exceedingly common for US Banks. You'll find, usually only after pasting in the newly generated random password and clicking submit, that the "your password must include at least one number and two special characters" description up front failed to also include: "oh, also, we do not allow use of the character % in your password" (or some other character).

[onei]

When I created an account to take out a mortgage with a UK bank, I found they allowed up to 12 ASCII alphanumeric chars for a password. I forget if there was a min length.

This was around October 2019, so it's not like they shouldn't have know better.

[TechBro8615]

It's even worse for UK banks, which ask you to (for example) "enter the 4th, 5th and 11th character of your password."