More likely it’s happening because the password change field silently truncates your input and the login field doesn’t, or vise-versa, because whoever designed the web page or system is stupid.
That is a possibility. But then actually setting a completely new password shouldn’t work, yes? Because when you go to use it, it won’t work.
I doubt that’s the “more likely” scenario.
Tons of people have reset a login more than once, and then forget, which is what leads to this scenario.
When they forget the new password, but re-remember a previous one, they try to use it to log in. When that fails, they go to reset it again, and they try to set it back to the password they remember. Which doesn’t work, because it is a previous password. But at the same time it is also not the current one.
The supposed catch 22 is that if it can’t be their new password, it should work to log in. And if it can’t be used to log in, then they should be able to set it as their password.
In reality the password has already been used, but before a previous reset. So it is neither a valid new password, nor the current password. This does not occur to people.
This can happen in any correctly configured service that prevents password re-use, and is therefore the far more likely scenario.
More likely it’s happening because the password change field silently truncates your input and the login field doesn’t, or vise-versa, because whoever designed the web page or system is stupid.
That is a possibility. But then actually setting a completely new password shouldn’t work, yes? Because when you go to use it, it won’t work.
I doubt that’s the “more likely” scenario.
Tons of people have reset a login more than once, and then forget, which is what leads to this scenario.
When they forget the new password, but re-remember a previous one, they try to use it to log in. When that fails, they go to reset it again, and they try to set it back to the password they remember. Which doesn’t work, because it is a previous password. But at the same time it is also not the current one.
The supposed catch 22 is that if it can’t be their new password, it should work to log in. And if it can’t be used to log in, then they should be able to set it as their password.
In reality the password has already been used, but before a previous reset. So it is neither a valid new password, nor the current password. This does not occur to people.
This can happen in any correctly configured service that prevents password re-use, and is therefore the far more likely scenario.