Citi Password Length Limitation when linking - Citi HTML Bug

BH2

Just a FYI here. I recently had to make a new Citi Cards account and established a password. I chose one with about 55 characters. 64 was the limit. The password field is limited to 50 characters on the login page where Quicken gets link access. This is a Citi bug, and an example of bad programming.

When trying to link the new account to Quicken, you are directed to log into the Citi account to "https://auth.citi.com/ASag/oauth2/login". I kept getting username/password failures. When I called Citi to complain, they said I had 3 login failures since my last login, which led me to believe that the HTML was wrong, and here it is….

<input _ngcontent-ng-c2573511952="" cdsinput="" size="large" id="password_input" name="password" type="password" maxlength="50" minlength="6" required="" aria-invalid="false" class="cds-input ng-pristine ng-invalid cds-input-error ng-touched" placeholder="Password">

So you can change the HTML max length to a higher number or your password to a shorter password. I changed the HTML and reported the bug to Citi.

As a programmer, I would use a max length of 2000 or something like that. The field on citi.com is limited to 524288. I have no idea where this number comes from.

This is a common problem with password pages, password reset pages, etc. It is impossible to change you password when they ask for your current password and you can't type it in because of their HTML limitation on length…..

Quicken Anja

Hello @BH2,

We appreciate you posting this information here in the Community so it can serve to be useful to other users.

Thank you!