Inconsistent password rules for Community vs. App

Hello.

I’m feeling fairly frustrated right now, and so I’m going to skip some of the common pleasantries, and jump straight into being objectively direct and to the point. I’m not trying to be mean, but I definitely intend to jump into the problem.

I generate long, complex passwords, and store them in my password manager — because I’ve come to understand that the human mind is not designed for creating and remembering long, complex, unique passwords for the hundreds of passwords that I use in a given week/month/year. I also have strong opinions on the use of the phrase “forgot password” vs “reset my password” based on the notion that trying to use your brain to keep your passwords secure is like trying to stop an invasion army by throwing slices of swiss cheese at them — incomprehensibly stupid and ridiculous.

But that’s not what I came to tell you about…

I wanted to provide some context around my use of passwords and what my expectations are from websites and applications which accept passwords. Here is an example password (that is not my actual password) that is sufficiently long, complex, and unique:

h@>H7jy3yv)eF)BM&6=237QvNI*^##u{|hl#%ooUQddl!tvC4QK)0|cq4INBf+v>O5FD"a<o'hLv'%IO

(Some people might mock this password as being insane or generally unwarranted, but those people clearly have not even the remotest comprehension of how grossly insecure their entire digital lives are.)

I was able to reset my password at https://agenda.community (or https://accounts.agenda.com). The password reset page accepted my new long, complex, unique password. I am able to log into https://agenda.community using that new password.

But I cannot log into the Mac app with it. Nor can I log into the iOS app with it. It would seem that although I was allowed to set an account password (which works in some places), it was a password that is not accepted by the apps themselves. I will skip the explanation of the user experience impact this has, and how it reinforces people’s (grossly) misguided perceptions that shorter, simpler, (reused?) passwords are better.

Yes, I could work around this by using a shorter, less complex password. I end up having to do that often, and it sucks. Instead, I’m writing this post to ask you to fix this issue, which is very clearly a bug.

From what I can tell, this app seems to be very good and I like the approach it takes to solving its core issues. I’m excited to see how it fits into my daily workflow. But this password issue is a trigger for me (not in the “I’m feeling triggered” kind of way, but more of the going postal way), and has sent me into a piercing, white-hot rage.

Thank you.

2 Likes

The only character which is disallowed should be the colon. This restriction is due to the IBM framework we are using on the server: it had a bug, which we have reported, and they have since fixed as a result. We will update our server to include the bug fix in time. For now, if you simply avoid colon, I think it should work.

It is certainly not an attempt to force you to use a simple or short password.

1 Like

Love the brevity.