Other > Website Support

Password recovery from hell

(1/3) > >>


Site claimed my password is incorrect (it actually wasn't but let's move beyond that, my PW manager does not make mistakes)
After 3 login attempts, it brought me to a reset password page and here the fun starts, it asked me to enter my username or email, I entered username (so far, so good)

The IP listed in the mail request does not match my actual IP, which usually indicates something...

IP: 162.158.x.x
Username: eRe4s3r

IP: 92.78.x.x
Username: eRe4s3r

But that is not the best, the best is that the password fields and the text (the ***) in the change dialog are white on white, and I can't see what I am typing nor whether I even typed anything in the fields, best: I can't copy paste passwords (you know, kinda required for 20+ random chars) in the verify password field. Only way I could get the site to even let me in is force Lasspass to generate and fill both fields with a password it generated.

So yeah....

For some reason it refuses to accept the (newly generated) PW entirely after a certain time as well despite it working fine (once) to log in... something is really broken

Oddly, while my password is still accepted, I find myself needing to log in every time I visit (seemingly) after months of being just auto logged-in.

Yeah something odd is going on that's for sure, Lastpass informed me that the site has 3 known passwords, and it listed Mantis as one of them (one of the BIG problems of running Mantis on your forum domain by the way)

Today when I came here, I was logged out and informed my password (from the previously working auto-login) was invalid. Since I have Lastpass set to auto-login on this site this threw me off, since I *know* that the password Lastpass had for this site was correct, I mean, it logged me in correctly at least a few years now ;P

On pw regen it let me log-in with the newly generated password and when I came back (it was set to time-out after 60m) I was logged out and could no longer log in with the newly genned pw... 2nd time I used a password with .. ehm, less chars to see if this was a related, and it seems like it is related to PW length.... when I pasted a 20 char pw in the field it did not let me login, I think something is really going wrong with the salting and hashing when PW has specific chars or char numbers.. but maybe that's totally wrong ;p

Either way, something odd is going on on top of the "bugs" with the PW reset as a whole. Did the domain or structure change?

Btw, it doesn't even show my correct IP in this forum info thingy but that's probably not related.

Lots o' text here. ;)

Quinn has fixed things up so that the wiki and the forums use the same password now, but a recent forum update busted some stuff relating to logging in in general.

Mantis now has its own subdomain to try to solve that issue with password keychains.

If you're still having this problem this morning, please let us know!

So a case of odd timing then? Changing password while logged in at least worked fine.. let's hope it continues working ;p


[0] Message Index

[#] Next page

Go to full version