top | item 41477699

(no title)

I hadn't realised until reading this, that I use this exact method for Best Buy.

Not intentionally though - I have my password stored in 1Password, so I know it's correct, yet every time I try to purchase something through bestbuy.com I trip some sort of ATO protection that falsely claims my password is invalid.

I'm entirely willing to believe it's something on my side (ad blocker, local DNS blacklisting, etc.) but after a certain number of occurrances, you get bored trying to debug the problem and just follow the path of least resistance.

discuss

dqv|1 year ago

> Not intentionally though - I have my password stored in 1Password, so I know it's correct, yet every time I try to purchase something through bestbuy.com I trip some sort of ATO protection that falsely claims my password is invalid.

Are you sure it's not a maxlength mismatch? It is very common to have the "change password" field to have a different (or no) maxlength and then have the login page have a different maxlength. So you change your password to some 60 character password, then you log in where the maxlength is only 40 characters... wrong password! I actually have a policy now of having the maxlength stored in application config so it propagates to all password fields in my apps.

Edit: Just checked and yes there is a length mismatch (form to set password has maxlength of 54, but login page has no maxlength set). So if your password length is > 54 and 1Password doesn't automatically cut the password it stores to 54 characters or fewer, you won't be able to log in.

coldblues|1 year ago

I know a few sites, one of them being Spotify, that will lock your account based on "suspicious activity", lie that your password is invalid, and force you to reset your password.