Was testing things and ran into autofill errors with KeePassXC. Looks like the Firefox plugin manages to pass the full length of the password, even if the input field is limited to a lower number of chars. Manually pasting the password truncates it, though.

  • ursakhiin@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    In this same vein, I used to work as tech support for a bank that had a key fob token rotator for 2fa. The implementation was you put the token in the password field after the password.

    The website did not tell you it truncated after 8 characters. There was also no real indicator that the actual activation of the token was the first attempted use after it was received.

    Many customers had passwords longer than 8 characters (or so they thought) and tokens that never activated because the longer password resulted in the token being truncated as well.