The system doesn't appear to handle hash-like strings as passwords in the way I would expect. According to best practices in authentication, a system should be agnostic about the characters used in a password as long as they meet security requirements. Whether the password is a simple word or a string that resembles a hash (A{S}Da(!3)ASnaas%lda!/asd for example), the system should:
1. Hash and store the initial password.
2. Allow the user to authenticate later by entering the same original string.
It appears that the current implementation might not support this standard behavior, which could be seen as a limitation or oversight in the system's design. I recommend revisiting this aspect of your authentication process to ensure it aligns with industry standards for both security and user experience.
Yes, this is so true.
This is poor development and security practice.