Is This A Bug?

On the reset password function, Username is case-insensitive.

On the login function, Username is case-sensitive.

So if you try to log in with the exact same username as you used to reset the password (i.e, with the “wrong” capitalisation”), and the brand new password you just created, it’s rejected as “Invalid username and password”.

Logon and password reset features are basic functionality for all websites. But still some people get it wrong…

This entry was posted in Testing & Software. Bookmark the permalink.

2 Responses to Is This A Bug?

  1. Yeah, that’s a bug.

    Heck, I’m still cringing from the website that didn’t accept a password LONGER than eight characters.

  2. Tim Hall says:

    I once used an internal system that had a *four* character limit. To make it worse, the passwords expired after twelve weeks, only it didn’t actually tell you that. Just said the password was invalid when you tried to log on.

    Much relief when that system was replaced.