Enter password again, carefully to make sure no typos
Incorrect
Change password to the one you remember it to be
“New password can’t be the same as old password”
😬
Shit sometimes gives me this while using a password manager! The saved password is correct. Even the change password thing says it should be correct. Still tells me it’s wrong trying to use it.
That just means they’re forcing everyone to change their passwords but they don’t want to come out and tell you about it.
If you’re lucky, some overzealous sysadmin is just trying to enforce regular password updates on his users, and makes them expire every once in a while.
More likely, there was a breach of some sort that they want to keep on the hush.
It’s also possible there’s a hidden max password size somewhere, like some fields only counting the first x characters of the password but it’s inconsistent across different forms.
Not sure what is worse, not telling you and giving an error or not telling you and letting you log in (ie truncating the password both times, letting you think your password is longer than it is)
but they don’t want to come out and tell you about it.
It also doesn’t require a code change to continue blaming the user when you invalidate all current passwords.
It’s a couple database queries to move all current passwords to old passwords, and change current (hashed) password for everyone to “deadbeef”. Nobody can guess a value that adds to their salt and hashes to “deadbeef”, and you get this behavior.
One time, I was trying to recover an old email address from a local ISP domain. They had changed the pw length requirements a few years earlier.
Well, my current password was not long enough, but some idiot designer put the password requirements on the Old Password field as well. I was not allowed to update my password to meet the new requirement because the old password did not meet the new requirements. Morons.
Shit sometimes gives me this while using a password manager! The saved password is correct. Even the change password thing says it should be correct. Still tells me it’s wrong trying to use it.
I had this exact issue with an Instagram account. You’d expect a social media site with 2 billion monthly active users to do better but nope
I don’t even know how the fuck this happens.
😬
Shit sometimes gives me this while using a password manager! The saved password is correct. Even the change password thing says it should be correct. Still tells me it’s wrong trying to use it.
That just means they’re forcing everyone to change their passwords but they don’t want to come out and tell you about it.
If you’re lucky, some overzealous sysadmin is just trying to enforce regular password updates on his users, and makes them expire every once in a while.
More likely, there was a breach of some sort that they want to keep on the hush.
It’s also possible there’s a hidden max password size somewhere, like some fields only counting the first x characters of the password but it’s inconsistent across different forms.
USAA is guilty of this shit. Let’s you set a huge password. Truncates it. Doesn’t tell you about it. Error when logging in.
I want to beat the motherfucker behind this strategy.
E: Kagi too. I bitched out the support and I got a ‘meh, it should have told you’ response. Fix your shit.
Not sure what is worse, not telling you and giving an error or not telling you and letting you log in (ie truncating the password both times, letting you think your password is longer than it is)
The first is more annoying, the second is scummier.
Yep
It also doesn’t require a code change to continue blaming the user when you invalidate all current passwords.
It’s a couple database queries to move all current passwords to old passwords, and change current (hashed) password for everyone to “deadbeef”. Nobody can guess a value that adds to their salt and hashes to “deadbeef”, and you get this behavior.
One time, I was trying to recover an old email address from a local ISP domain. They had changed the pw length requirements a few years earlier.
Well, my current password was not long enough, but some idiot designer put the password requirements on the Old Password field as well. I was not allowed to update my password to meet the new requirement because the old password did not meet the new requirements. Morons.
I had this exact issue with an Instagram account. You’d expect a social media site with 2 billion monthly active users to do better but nope