Newsblur isn't saving my randomly-generated password correctly

I use a password management app to save a randomly-generated password unique to each app that I use. So my password might look a lot like this (not my actual password):

Y\JN+B70N3K_2(QUPyI>

It looks like Newsblur isn’t saving my password correctly (stripping out the punctuation maybe?), because when I save it, then copy/paste the same password to log in, it fails.

I can reproduce this issue like so:

Click the “Forgot Password” link in my email
Log-in succeeds, I see the account settings popup
Paste in my password.
Click outside the popup
Click “Logout”
Enter my username and (the same, I’m just pasting it in from the clipboard again) password
“Whoopsy-Daisy, Try Again”

1 Like

Sounds frustrating! I’ve run into issues like this on a few sites. Sometimes it’s because my password exceeds an unspoken length limit.

Just as a point of reference, here on Newsblur I successfully use a 30+ char randomly generated password with lowercase, uppercase, numbers, and several punctuation-type characters.

I have no idea. I use Django’s built in auth, so I barely control that.

To be perfectly honest, about two years ago, I used a javascript keyboard plugin that wasn’t properly written to include password dialogs in its ignore whitelist. Because the j and k keys were shortcuts for next/previous story, any password with those two characters were missing them. So there’s a vestigial hack to take care of one of the most frustratingly bizarre bugs I’ve ever had to deal with. But that’s about it. And it only fixes your password on login if your supplied password doesn’t work. (It just stripes out j and k from your password and tries again transparently).

I’ve just exposed an attack vector that’s maybe a couple millimeters wide.

Oh right, your issue. Try a simple password, and see if that works. Then add in special characters (maybe skipping the punctuation?) and see if it sticks. It works for me, so maybe something is wrong with my production server and not dev machine.

Turns out that I can’t even get a simple password to work. I’ve tried using both the “change your password” thing that pops up from my Forgot Password link and the “My Account” item in the gear menu. I change my password, I log out, I log in with that password, it doesn’t work :frowning:

I’ve got two (wildly uninformed) theories:

* My account (rricard) is just screwed beyond repair
* I’m at work and the websense filter (which doesn’t block Newsblur, but does seem to create all sorts of weird edge cases) is screwing with something.

I’ve got a pretty good workaround with the forgot password link in my email, but if you could reset my password from your end when you’ve got a minute and email it to me, that’d be pretty cool.

Thanks

If possible, maybe try resetting password stuff on the “simplest” possible combo of browser and net connection: a completely unmodified version of Firefox/Chrome/IE on your unproxied home cable for example.

I suggest this because 1) you mention the websense thing may be a factor and 2) the otherwise excellent LastPass add-on for Firefox caused me similar bizarro-world can’t-win password situations with sites like Twitter once or twice. (I only realized LastPass was at fault when I tried changing the password in unmodified IE and everything worked perfectly.)

(What was happening was that LastPass misread the password-change form as the regular password form, so after I typed in my new pw and clicked submit LastPass was replacing one new password field with my old pw and blanking the other.)

Yeah, I haven’t seen any issues in an unmodified browser, so your best bet would be to change your password while at home.

Forgot about this for forever, but I’m at home now on my normal internet on my normal browser (Chrome), and I still can’t get a password to hold.

Here’s what I’m trying (done it a couple times now):

Click the “forgot password” link from my gmail archive
Fill in a password in the popup
Click save
Click outside the popup
Click logout
Try to log in with the same password… no luck.

Maybe try sending me a new “forgot password” link? I’m a programmer by trade and this is just as weird to me as it must be to you, so I totally understand if you want to nuke my account from orbit and start over.

It’s unlikely to be anything about your account. And the forgot password link would not have changed (your secret token has not been reset).

Make sure that when you enter your password, you see every character being entered in. As in, verify the length of the password. Make sure that no character is going somewhere.

I would just set it to ‘aaa’ and see if that works. Is there anything else you think could be causing it? I can verify that passwords work, since I demo NewsBlur constantly and find myself mistakenly entering in my password often enough.

So I don’t know what was actually wrong here, but the redesigned “Forgot Password” form seems to have fixed it. I have a password again!

Thanks for all the hard work on Newsblur, Sam.