Kaupthing, bank with only 10 letter password enforcement



  •  Kaupthing, one of the banks in Iceland (and the one that went bankrupt), has now, without notice of any kind to their customers, enforced a 10-letter limit on the password box.

     Kaupthing login

     Straight from the Source Code(tm):

    <input name="ctl01$_InnskraningInnslatturForm$m_tbLykilord" maxlength="10" id="ctl01__InnskraningInnslatturForm_m_tbLykilord" class="inputBoxesNormal" autocomplete="OFF" style="width: 120px;" type="password">

     The worst part is that I know a lot of people who had their passwords longer than 10 letters before this was changed suddenly and therefore cannot log in. When they contacted the bank, they just told them to change it when they come to the bank. They are not planning on changing this in the near future.

     I have bypassed this with FireBug but not everyone can use that.



  • I long ago got into the habit of fixing overly-strict form constraints by downloading the page, doing a find/replace to change all relative links to absolute, and editing the form. If your friends are stuck with IE that's probably the easiest solution.



  •  No wonder they went bankrupt, although if they don't check server-side how long the password is, it makes you wonder what else they don't check...
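
The server-side check this post wonders about, as an added example (not code from the thread or from the bank): the length policy is applied when a password is set, while login verifies whatever is submitted against the stored hash, so a `maxlength` change in the form neither locks out existing users nor serves as the only control. The policy values, function names and in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for illustration; not taken from the bank's system.
MIN_NEW_LEN = 10        # minimum accepted when a password is set or changed
MAX_INPUT_LEN = 128     # hard cap on any submitted value, bounds hashing cost
PBKDF2_ROUNDS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 over the full password, never a truncated one."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def set_password(store: dict, user: str, new_password: str) -> None:
    """Apply the length policy on the server, whatever the form's maxlength says."""
    if not MIN_NEW_LEN <= len(new_password) <= MAX_INPUT_LEN:
        raise ValueError(f"password must be {MIN_NEW_LEN}-{MAX_INPUT_LEN} characters")
    salt = os.urandom(16)
    store[user] = (salt, _derive(new_password, salt))


def verify_login(store: dict, user: str, submitted: str) -> bool:
    """Check a login attempt without truncating or re-applying the set-time policy."""
    if len(submitted) > MAX_INPUT_LEN:
        return False                      # oversize input is rejected before hashing
    # Unknown users get a dummy salt and an empty digest, so the hash still runs.
    salt, expected = store.get(user, (b"\x00" * 16, b""))
    candidate = _derive(submitted, salt)
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    """Constructed sample: a 16-character password set before any form change."""
    store = {}
    existing = "correct-horse-14"
    set_password(store, "alice", existing)
    return {
        "full_password": verify_login(store, "alice", existing),
        "cut_to_10_by_form": verify_login(store, "alice", existing[:10]),
        "oversize_input": verify_login(store, "alice", "x" * (MAX_INPUT_LEN + 1)),
    }


if __name__ == "__main__":
    print(demo())
```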



  • @bob171123 said:

    No wonder they went bankrupt, although if they don't check server-side how long the password is, it makes you wonder what else they don't check...

    "You have asked to withdraw 1 billion dollars*.  Are you sure you have this much in your account?  Please don't withdraw more than you have in your account!"

     

    *Or whatever shiny rocks or beads you primitive snow people use for money.


  • Discourse touched me in a no-no place

     Do you have an apostrophe in your password?



  • @HonoreDB said:

    doing a find/replace to change all relative links to absolute

    May I suggest using the base tag instead?



  • @Zecc said:

    May I suggest using the base tag instead?

    TRWTF is that some search bots don't understand that tag, fucking up my access logs with gets of http://my.domain/home/home/home/home/home/home/...

