No announcement yet.

New Password Error on New Account Creation - Front End & Back End

  • Filter
  • Time
  • Show
Clear All
new posts

  • New Password Error on New Account Creation - Front End & Back End

    As recently as Monday, we created new accounts via our front end for a couple of call-in customers (have been doing this for years). To keep the process fast, we typically enter a short 5 to 6 character temporary password just to get through the process and then let the customer know they can change it any time via the "forgot pw" link.

    Yesterday, I tried to do the very same thing but the process failed by throwing up an error message that said:
    "Password Policy: Password must be at least 8 characters long and must contain at least one number (0-9), one uppercase letter (A-Z) and one lowercase letter (a-z).

    This is the message that's *SUPPOSED* to show IF we had selected in the backend the requirment for "strong passwords". But we have NOT selected strong passwords.

    In fact, our further testing shows that we get the same error when trying to create a new customer in the backend using the Customer>AddNew process, but do NOT get the error when trying to create a new customer in the back end during a phone order.

    Also, because we seem to get away with using ANY 8 characters, this problem does not seem to be completely tied to the "strong passwords" feature since that does require other things and not just 8 characters.

    We submitted a ticket to support, but sadly, their response was : "When testing the registration on your site, I do see that there is a minimum of 8 characters required.".

    Sorry, but stating as fact, the text of an error message that has never shown up before is NOT how you troubleshoot the problem of an error message showing up where it doesn't belong. [face palm]

    Can anyone who does NOT have strong passwords enabled for customer accounts, and has used 5 characters passwords in the past, please run some tests and let me know what you find?

    Or, does someone have information indicating that between Monday and Wednesday of this week, the 3dcart system was fundamentally changed with no notice given to us?

    Many thanks in advance.

  • #2
    Hi JustPoppin

    I've forwarded your post to one of the support supervisors so they can look into this (and the ticket) for us as well.
    Thanks for the heads up!


    • #3
      VERY much appreciated 3dcart-Henry We've been banging our heads against the wall for a couple of days about this (and for many hours prior to submitting the ticket in the first place). :-P


      • #4
        Hello...I just submitted my 2nd ticket regarding this issue - the first ticket they said my issue was with my custom template but we are having the same errors on the backend as far as requiring a strong password. This started for us on Aug. 18th which may coincide with a version update to 6.7.2. I'm positive that is the only change as far as 3dcart goes and I didn't touch any of my registration or checkout templates before then.

        I'm glad I'm not the only one having this issue!


        • #5
          JustPoppin have you received a response from 3dcart yet? Password complexity is now a requirement to be PCI compliant - so I will imagine the Use Strong Passwords option will eventually go away since it's now a standard requirement.


          • #6
            brian.bills Yes we did hear back from support. I should have updated here, but you know... 24 hours in a day...

            3dcart made a change that now requires pw to be minimum 8 chars. I mentioned this just today in another thread where I said that store owners should have been alerted to this BEFORE the change was made.

            I have no problem with the change itself, but depending on where you were in the system - front end, back end area X, back end area Y, - you would get different and and incorrect error messages about what the problem with the pw was. Haven't had time to go back and check on the inconsistency issue we were experiencing.

            SO... YOU are right in that it was NOT your fault or the fault of your templates. It was the 3dcart update changing the requirement but then displaying the wrong error messages. We're re-writing the error message to match the actual requirement now.


            • #7
              Can we have override this password requirement? I hate going to sites when they need everything but your birth certificate and will usually move to another site before I would purchase from them. We do not want to be one of those sites and will take in on the chin with fraud - before we lose a customer.

              How can we go back to the simple password?

              Thank you,