(Rant) Limitations on password length for IndusInd Net Banking

[Copycat]

Today, I wasted a lot of time trying to login on IndusInd Net banking. Changed my password several times and after each time I could not log on. The problem was the password length

Setting password part:
When setting the password, IndusInd allows you only a 13 character long password. As all my passwords consist of 15 characters or more, I didn't realise that it had stopped accepting after the 13th character. No message was displayed (at least, none that I saw)

Using password part:
And when I tried to login it easily accepted more than 13 characters (this part is perfectly fine, for security reasons it should not impose a limitation). So it naturally failed.

What really irritated me were the following
a) In the setting part a message should have been displayed stating the limit, and the user should have been stopped after the limit is reached. This didn't happen
b) I set the same password again and again several times, and it allowed me to do so. The safer policy would have been to disallow 'n' old passwords (where n is usually 3)

 

[anonymuos]

I agree. It was rather annoying. Had to set a difficult to remember password.

At least with all other banks including IndusInd except Yes Bank, I can A. Save the password B. Copy the password or any field and paste it (with a special Javascript/userscript I use) to override paste disabling. With Yes Bank, it doesn't save it and forces you to type the password. Pasted password is considered invalid. Due to this behavior, I would rate Yes Bank as having the worst net banking of all.

 

[Mritunjay]

I agree. It was rather annoying. Had to set a difficult to remember password.

At least with all other banks including IndusInd except Yes Bank, I can A. Save the password B. Copy the password or any field and paste it (with a special Javascript/userscript I use) to override paste disabling. With Yes Bank, it doesn't save it and forces you to type the password. Pasted password is considered invalid. Due to this behavior, I would rate Yes Bank as having the worst net banking of all.

can you share the javascript snippet? Some banks dont allow pasting even after i remove paste eventhandler from input.

 

[anonymuos]

I installed TamperMonkey web browser addon and then this userscript: https://greasyfork.org/en/scripts/23772-absolute-enable-right-click-copy

If you use WhatsApp Web, be sure to modify the user script to include it otherwise WAWeb malfunctions with copy-paste functionality:
// @exclude https://web.whatsapp.com/*

Also another userscript to override Ctrl key interceptions (for Ctrl+C/V):

How to forbid keyboard shortcut stealing by websites in Firefox

Many websites, especially everything involving rich text editing (this site is guilty as well), steal keyboard shortcuts normally used to control Firefox and make them do something else instead. It...

superuser.com

 

[Copycat]

I'm using password with 24 characters (Caps, Small, Special Character, Number) and working fine, no issues.

Try forgot password and use the virtual keyboard to set. It does not go beyond 13 characters. I just tried it out. Make sure you use the virtual keyboard



If you use the physical keyboard it goes much further. I'm beginning to think I should make a career out of being a bug finder for IndusInd. All their weird issues seem to affect me

This is something new from them. My previous password set some months ago was 16 characters long (upper, lower, special, num) and I must have set it via the virtual keyboard because as far as possible I only use the virtual keyboard