Change password not working on desktop web

  • zaphod's Avatar
    Just looking
    I'm trying to change my password for credit card login. https://identity.tescobank.com/afm/manageSecurity

    I've used the same, short, password for several years and it's really time to change it. I am now using BitWarden to generate long random passwords.
    The website keeps rejecting my attemts to change the password, no matter what I've tried.
    • From the input field source, I see that the maximum length is 64 characters. I tried 32, then 24, to no avail
    • I started with all characters (uppercase, lowercase, numbers, punctuation) and reduced this back to just lowercase and numbers, to no avail.

    Here are some examples of what I've tried and which were rejected as unacceptable (I don't mind disclosing these as they are random and won't be used again; Might also serve to get the attention of some infosec officer who will get this fixed 😎)
    • 6uT*%Nk9B8eBSzFKjP^6R&o4ZhnNxfY3
    • az5r5zap6xc8c4w2uxtsmjv9ohxfvv33
    • qh5yY8HCUsMkAmra86dLUbNFt
    • one3sbpu5heq4bbe29r9pi5ui


    What exactly _are_ the password change criteria? Am I doomed to use the same password forever, until some crook cracks it and takes over? (At least, I suppose, they won't be able to lock me out of my own account by changing it... 🤣)

    Name:  Screenshot 2021-09-16 at 09.00.53.png
Views: 1245
Size:  220.7 KB
    Last edited by zaphod; 16-09-21 at 08:07. Reason: Examples of disallowed passwords
  • 2 Replies

  • zaphod's Avatar
    Just looking
    By trial-and-error I've determined that the problem is with the maximum password length.
    I can change my password fine, using the full set of uppercase, lowercase, numbers and punctuation characters, provided that the length is no more than 20 characters.
    So that's a bug on the form, which specifies maxlen=64.
    Last edited by zaphod; 16-09-21 at 08:38. Reason: spelling
  • RossM's Avatar
    Former Community Manager
    @zaphod Thank you for making us aware of this. I've informed the Online Banking team of the error so they can have a look.