Pass phrases accepted as passwords but fail login
Pass phrases are more secure than passwords.
You allow uses to create passwords like "This is my password1234" but when this user tries to login, it will not allow it citing incorrect username/password. Changing the password to a shorter password without spaces solves the issue but reduces the complexity of the password, making it less secure. The password creation screen should either reject passwords which won't allow users to login, or the login should accept valid passwords.
I believe pass phrases should be accepted as logins as they're easier to remember and much harder to crack/hack due to the increased entropy.
Thank you for your suggestion! I'll be forwarding this to our team.
Estelle J, Community Manager