They changed allowed password length and locked me out – Transit GO Ticket Review

They forced me to update the app, and upon attempting to login again, I was told that passwords have a max of 20 characters. Well, guess what? My password is 28 characters. I relied on you, and trusted you, and you failed. Good thing I had $3 in my pocket or I wouldn’t have made my bus ride! And that’s a loss of 25 cents because the fare is $2.75. And that was literally my last dollar. I have no cash to get back after lunch, so I’ll be delayed getting back to work figuring out a solution. This is a huge inconvenience to me. What a moronic thing to do! There is no actual technical reason to disallow longer passwords. And if you’re going to limit password length, the *intelligent* thing to do would be to check the password lengths of your existing users and ensure they can continue using your app without interruption. Perhaps you could restrict password length only for new accounts at first, then set up a prompt in the app for people to change their password for some months, then finally email them with a link to carry out the password reset at a convenient time. At the very least, you could have seen that I was trying to log in with too-long a password and suggested a password reset. Passwords should be stored as salted hashes anyway, so 20 characters gets you no database storage benefit unless you’re violating good security practices. You’re not doing that, are you? And if you *are*, foolishly, storing actual passwords encrypted or not, why don’t you just truncate my 28-character password and upon sign-in do the same thing? I have reset my account, but your habit of doing things to the app that make it not work, and which I only discover seconds before wanting to get on a bus, is really lame.
Review by Emtucifor on Transit GO Ticket.