Validation on the SMTP password box
Recently, I set up an SMTP account. I used a strong password generator. That password had special characters in it. When I went to use it, I got a very generic message that said Mail Gun does not love my credentials. This could be solved one of two ways.
1) Preferred - Have validation on the SMTP box when you create the credentials to not allow for special characters and a message to that effect if some are used. This would stave off this situation right at the beginning.
2) Not preferred but workable - Change the error message that comes back to say "You have special characters in your password and that is a no-no."
I really like 1) the best. Thanks for listening.

1 comment
J. commented
Actually, neither of these solutions is acceptable. The correct solution is:
3) Accept all printing ASCII and Unicode characters (including spaces) in the password. See NIST Special Publication 800-63B, Section 5.1.1.2 and Appendix A (https://doi.org/10.6028/NIST.SP.800-63b).
Barring that, 4) All password restrictions should be well documented in documents, help text, and error messages. A password should NEVER be accepted in setup and then rejected in use.
I spent two hours beating my head against this wall until I finally found this post.
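An added sketch (not from the thread and not the mail provider's code) of options 3) and 4) from the comment above: one canonicalization routine is shared by credential setup and login, so a password accepted at setup cannot be rejected in use, and any rejection names its reason. The function names, the minimum length, the PBKDF2 parameters and the use of SMTP AUTH PLAIN as the login path are assumptions made for the example.

```python
import base64, hashlib, hmac, os, unicodedata

MIN_LENGTH = 8        # assumed policy value for this sketch
ITERATIONS = 600_000  # assumed PBKDF2-SHA256 work factor

def canonicalize(password: str) -> bytes:
    """The single rule set used by BOTH setup and login."""
    # Normalize first so composed and decomposed Unicode input are one password.
    norm = unicodedata.normalize("NFKC", password)
    if len(norm) < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    for ch in norm:
        # Reject only control characters and lone surrogates; spaces,
        # punctuation and non-ASCII letters are all accepted.
        if unicodedata.category(ch) in ("Cc", "Cs"):
            raise ValueError(f"non-printing character U+{ord(ch):04X} is not allowed")
    return norm.encode("utf-8")

def create_credential(password: str) -> tuple[bytes, bytes]:
    """Setup: raises ValueError with the exact reason, otherwise stores a hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", canonicalize(password), salt, ITERATIONS)

def verify(record: tuple[bytes, bytes], password: str) -> bool:
    """Login: applies the same canonicalize() that setup used."""
    salt, expected = record
    try:
        candidate = hashlib.pbkdf2_hmac("sha256", canonicalize(password), salt, ITERATIONS)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)

def auth_plain_encode(user: str, password: str) -> str:
    """Client side of AUTH PLAIN: base64 of NUL + user + NUL + password, UTF-8."""
    return base64.b64encode(f"\0{user}\0{password}".encode("utf-8")).decode("ascii")

def auth_plain_login(record: tuple[bytes, bytes], blob: str) -> bool:
    """Server side: decode the AUTH PLAIN blob and verify the password in it."""
    _authzid, _user, password = base64.b64decode(blob).decode("utf-8").split("\0", 2)
    return verify(record, password)

# Constructed sample password: space, non-ASCII letter, quote, backslash, symbols.
SAMPLE = 'p@ss w\u00f6rd!#$%^&*"\\<>'

if __name__ == "__main__":
    record = create_credential(SAMPLE)
    print(auth_plain_login(record, auth_plain_encode("user@example.com", SAMPLE)))
```
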