Swann encouraging weak online security practices with the app

Userlevel 2
I had to do a password reset, and every time I was asked to enter in my new password it would just go to a blank blue screen after I submit - no messages, nothing.

I did this several times entering different new complex passwords and kept getting the same result.

Then I thought that maybe my passwords are too complex. I've been generating them using lastpass and typically look something like this: 1vNUCoMp*47QaKB&ur (FYI that is not my password!).

Anyway, I decided to try a weak password - no special characters or numbers, just a single word - and this time it worked and I saw the 'Congrats' message. Wow.

So anyway, Swann, that's pretty piss poor on multiple levels I have to say. If there are restrictions on the type of password allowed (length, character types etc), then say so on the password reset form instead of wasting my time with multiple failed attempts. And if this is the case, consider removing the restriction anyway and let people use complex passwords of their own choosing.

This is a very lousy start for someone who has just joined your ecosystem, and it makes me wonder what lax practices you might be employing elsewhere.

Anyhoo, I offer this information for others who might have struggles with the same issue, and also to motivate you to sort out this glaring problem.

2 replies

Userlevel 4
Hi mikeyo,

Which password setup were you using here? I can't tell from your description of the issue.

That example password that you offered is 18 chars long. I have encountered many password mechanisms that will top out at 16 chars. Could that have been the issue here, how short did you go?

I can investigate further once you let me know which password scheme this was.
Userlevel 2
@Michael It's been so long I honestly can't remember for sure, but I think it may have been with the Swann Safe app on Android.

Other apps and websites don't have an issue with me having passwords more than 16 chars. I have Lastpass set to generate 18 char passwords and it's never been an issue.

That said, it's pretty basic practice to give the user feedback when the password reset form fails instead of showing nothing. And in this case especially easy seeing as the problem may have been as you pointed out, just too many characters.

Anyway, yes my new password was less than 18 chars which is why it eventually worked.