Apparently the password had a character limit that wasn't mentioned when signing up and was silently truncated server-side. A bit of investigation showed the <input> had maxlength="20" which is only enforced when typing characters. When using Javascript to fill a form will just ignore this attribute. https://codepen.io/jspash/pen/XWerVzY
One bank specifically I have to deal with will:
- Not allow you to paste a username/password (ctr+c/ctrl+v, right click disabled)
- Lastpass autofill doesn't work
- If the page loses focus, both user/password inputs are cleared, you get to start all over.
There is also a very small subset of special characters that are allowed. If you do not reset your password as often as they'd like, you have to agree to waive any responsibility for any issues with your account before logging in.
SMS 2FA required, there's no other 2FA option.
After entering your 2FA code, the "proceed" and "cancel" buttons are the exact same shape and color and I've hit the wrong one multiple times, in which case there is also SMS 2FA cool down and you have to wait 15 mins to start all over again.
It's absolute insanity and every time I have to login its an adventure.
