If you know what you're doing why select a  20 character random password ?

You're creating your own problems.

There is no indication when signing up for the first time on a plusnet user account on a website that those same account credentials will be later used for broadband authentication.

20 character passwords are the default for my password manager out the box, and this is the first time that a hidden issue like this has ever occurred.

If you can't see why having two different password requirements enforced on the same password is a massive problem that would take a competent software engineer less than an hour to correct for all future interactions, then, respectfully, you don't know what you are doing.

@munchingfoo @Champnet There are other devious mismatches too as I have mentioned in the past.

I can't recall the exact details now but the rules around special characters are different for the account password and router broadband login!

That got me confused until I worked it out and I'm an IT person who was just trying to change a password - and not even making it particularly long! 

---

@munchingfoo wrote:

If you can't see why having two different password requirements enforced on the same password is a massive problem that would take a competent software engineer less than an hour to correct for all future interactions, then, respectfully, you don't know what you are doing.

---

It might take less than an hour to change the code, but I suspect that the time required for all the checks, balances and testing required to justify and change critical live business software would be a totally different matter.

The problem with any software is that there are invariably ways of breaking it by not following the instructions, and sometimes by following them. I mention the latter on recalling a customer in my previous life who complained that an instruction we had given was: 'press any key'. Having tried every one he discovered that the Escape key wouldn't work and insisted that we changed the instructions.

I would question the justfication for using a 20 bit random password generator. In practical real world terms this is a total overkill.

---

@Baldrick1 wrote:

---

---

It might take less than an hour to change the code, but I suspect that the time required for all the checks, balances and testing required to justify and change critical live business software would be a totally different matter.

---

This would involve a massive change to the database system, associated indexes and supporting programs. Not quick, not cheap.

I do accept @munchingfoo  criticism.  There should be a prominent simple guide explaining acceptable password makeups...........

---

@Champnet wrote:

I do accept @munchingfoo  criticism.  There should be a prominent simple guide explaining acceptable password makeups..........

---

I agree. I'm not defending the status quo, just pointing out that it's not as quick a fix as may be imagined.

@Champnet @Baldrick1 

I think you are looking at this from the wrong end. I am not asking for them to update the broadband authentication system to enable 20 character passwords. That would require a year or more of engineering work. I am asking for them to align the user creation password requirements enforced on the user interface to that of the broadband authentication system, or if the acceptable passwords for the broadband is not an exact subset of the user creation DB then the intersection of both requirements.

The only thing that would be required is to update the password requirements checking script on the user creation and password reset webpage. It's a two second job, with the associated QA checks taking less than an hour.

The underlying user account database could still logically store and process different password requirements without issue, as long as the web front end enforced the more restrictive policy applied by the broadband authentication, or joint subset.

---

@munchingfoo wrote:

The only thing that would be required is to update the password requirements checking script on the user creation and password reset webpage. It's a two second job, with the associated QA checks taking less than an hour.

 

The alternative is for users and support staff - and forum members! - to spend hours trying to figure out why connections aren't working. Repeatedly.

Of course, the system should never have been created such that there are two different requirements for a password that has multiple uses.

I'd suspect these are mismatched bought-in solutions.

That's what requirements specifications are for. You should buy something that matches what you need, rather then buying whatever someone is selling.

---

@munchingfoo wrote:

The password requirements for a user account on first registration are not the same as those required for the broadband authentication. My password manager selected a 20 character random password for my account password, which was allowed...

---

@munchingfoo - struggling to understand how this was possible 🤔

If I enter the signup process, then I am unable to enter a password that exceeds 16 chars in length. The field validation doesn't seem to permit it. If I attempt entering any more characters than what is seen below, then they are not copied to the screen: -

What web browser were you using and did you have your password manager automatically populate the password entry fields?

The reason your router did not automatically authenticate correctly is unrelated to the password you chose at signup. It actually looks like there was a delay associating the router you were shipped with your account (requisite for the router provisioning to work properly).

@bobpullen 

Thanks for looking into this. Very interesting.

Brave Browser - latest patch at time of sign up (29 March 2025)

Keeper PWM corporate

Auto population through Keeper extension