Since I’m using a password manager, I’m generating >24 digit passwords, because I’ll never have to type them. You would be surprised how many websites cut everything after 24/32 digits during registration without notice, but suddenly allow more digits in the login form, leading to login issues.
I haven’t had an issue with iCloud and use it everyday. I wonder if it’s specific to a certain product or workflow.<p>But I’ve used other services (Facebook, for example) that interpret my last name as a boolean and throw errors.
There was a bug (maybe still is) in airbnb where setting your name to include a certain character would brick your login to the web app because it broke header parsing. Reported it but was deemed 'non critical'..<p>Edit, just looked up the mail<p>- It was an 'equals' sign<p>- the reply was:<p>" It sounds like you cannot cause someone else's account to be in this state, only your own account. Is this correct? How would you get someone else to change their account name so that it includes an equals sign?<p>It appears that there's no way to cause another user's account to get into this state, and in this case, I do not see a security implication here. "
I always baffles me when I encounter a service that uses a different validator for sign up than sign in. Firstly, why write this twice. Secondly, it can cause so many headaches.<p>the one I run into a lot is a + in an email address.<p>I like to use them on sites I think will likely sell my email address so I'll do something like "my.normal.email+websitename@gmail.com"<p>I rarely have trouble signing up with this email address, nor verifying it, but then you go to login and splat.<p>but not properly escaping the lastname of "true" just seems way to basic for a service as large as icloud.
Nothing as critical (the negative effects were mostly on my company’s side), but I have created problems for a lot of O’Briens, O’Tooles and other people with similar names.<p>I am a lot more humble about handling people’s names when writing systems these days...
I'm curious: if Apple decides not to fix this bug, does Ms. True have any recourse? It seems that in America businesses have the right to refuse service at their pleasure, except for specific forms of discrimination which are explicitly banned. Could Apple, legally, decide that fixing the bug would cost more than they expect to make from her as a customers, and simply reject her business?
My last name is Marié and I smile every time I see write MARIE without the accent, maybe one day it will be a thing of the past and people will stop thinking I'm a girl named Marie
Why do you even have to use your real name on these services? A single "name" field would be so much friendlier for those who want to use a nickname.
Just wondering, is there a source listing good practices when it comes to implementing how one should sanitize real-world, subjective fields like human names, gender, race etc.? And other gotchas while implementing similar things?
Also <a href="https://news.ycombinator.com/item?id=26364569" rel="nofollow">https://news.ycombinator.com/item?id=26364569</a>