Skip Navigation
Expand
Password maximum limit of 20 characters
Answer ID 12042   |   Last Review Date 03/02/2022

Why is a password longer than 20 characters allowed when use copy and paste? 

Environment:

Oracle B2C Service, Password configuration

Issue:

When setting the password for an account within Account Editor, I pasted in a password longer than 20 characters and confirmed I can then log in with this new password. However, the documentation states "Password length cannot exceed 20 characters". 
 
Resolution:
The text field used to set an account password limits the character string to 20 characters but it is hard to see this when you paste in a password instead of manually typing in the characters. When you try to type more than 20 characters, you'll notice the field does not allow you to type more than  20 characters.
 
Likewise, if you paste in a password longer than 20 characters, it truncates it, so only 20 are accepted. It is not as obvious when entering the password this way. You can confirm it only saved 20 characters by asking the agent to enter the first 20 characters only when logging in, and see they are authenticated through. They will be able to log in because the database only stores the first 20 characters. 
 
For further details regarding Password Configuration: Answer ID 2060: Configuring Passwords for Better Security