Follow

Fun fact: wizzair.com let's you set a long password, but behind the scenes it truncates it to 16 characters (because obviously every byte is precious these days, I guess?).

When you try to log-in with your long long password, it fails. You have to *know* to truncate it yourself to 16 chars.

This is a major airline in 2019.

@bjarni fun fact, Íslandsbanki had the same issue, and when I reported it initially they just pretended that it's not a problem (eventually they recognized is as an issue and promised to fix it).

@rysiek I am now assuming you always use the password 0123456789abcdefg for everything, just to test for this.

@rysiek I bet 99% of their customers have shorter passwords, which is kind of depressing in 2019.

@rysiek Comment from a friend of mine:

This also suggests that they're storing your password in plaintext in their database; if they were hashing it, they wouldn't need to care about the length of the original string. I've seen it suggested that storing unhashed passwords is a GDPR violation.

-- twitter.com/pozorvlak/status/1

@rysiek I had the same in polish bank mbank. I had no idea, because it was also truncating when logging in. I learned when installed phone application that was not truncating.

@rysiek paying for the latest mainframe upgrade is expensive I guess...

@DrWhax let's hope they treat their airframes better than their mainframes...

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!