by pfgallagher on 9/9/21, 10:11 PM with 1 comments
On a hunch, I deleted the excess characters from my password. Lo and behold: I got right in. Unless I'm missing something, the only way they could have truncated it thusly would be if they're storing it in plain text, right? Or, as my coworker just hypothesized, perhaps they were accepting longer passwords but only hashing up to 15 characters? Either way, seems fishy. Is anyone able to repro?
You'd think the credit bureaus would have invested in better security / developers after the Equifax breach, but, perhaps not so unsurprisingly, it looks like they still have their heads in the sand.
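The coworker's hypothesis from the post above, as an added example that is not part of the original post and not any credit bureau's code: a hypothetical `Store` that hashes only the first 15 characters at sign-up, so the 15-character prefix logs in while the full password does not, even though only a salted hash is stored. `Store`, `effective_length`, the PBKDF2 parameters and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 15          # truncation length mentioned in the post
ITERATIONS = 20_000   # assumption: illustrative PBKDF2 work factor


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest; no plaintext is kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Store:
    """Hypothetical credential store. truncate_on_register models the
    coworker's hypothesis: sign-up hashes only the first MAX_LEN chars."""

    def __init__(self, truncate_on_register: bool):
        self.truncate_on_register = truncate_on_register
        self.records = {}  # user -> (salt, digest)

    def register(self, user: str, password: str) -> None:
        if self.truncate_on_register:
            password = password[:MAX_LEN]   # silent truncation (the defect)
        salt = os.urandom(16)
        self.records[user] = (salt, derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        salt, digest = self.records[user]
        return hmac.compare_digest(digest, derive(password, salt))


def effective_length(store: Store, password: str):
    """Regression check for a store you own: register a constructed test
    account, then return the length of the shortest prefix that logs in."""
    store.register("qa-test-account", password)
    for n in range(1, len(password) + 1):
        if store.verify("qa-test-account", password[:n]):
            return n
    return None


SAMPLE = "correct-horse-battery-staple"  # constructed 28-character password

if __name__ == "__main__":
    print(effective_length(Store(truncate_on_register=True), SAMPLE))   # 15
    print(effective_length(Store(truncate_on_register=False), SAMPLE))  # 28
```

A result shorter than the registered password's length means some layer is truncating before the hash is computed; the fix is to hash the full input and reject over-length passwords with a visible error instead of trimming them.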
by MattGaiser on 9/9/21, 10:41 PM