I've seen and read all (or at least many) of the posts on Minimum password length, but never on MAXIMUM password length. It appears, at least in DNN 3.1.1 to be 14, but I have yet to see any documentation. The issue I seem to be having is that there is no apparent length check when you set the password, so a23456789012345 ... is accepted, however it is not accepted when the user tries to login with this password. Backing out 1 character allows the user to login, so obviously 14 is OK, and 15 is over the limit.

It seems far too easy a limit to cross but I searched for posts both here and at ASP.net and it looks like I am the only lonely soul with this issue which makes me wonder if I may off base. Is this an undocumented limit, or have I missed something?

I am  not sure if I tried to post in the wrong area, but when I attempted to post this on Gemini I got an error indicating I should advise the Gemini Admin in my organization.

I tried to post this in the Security Component :

The change password feature for both the user and the administrator allow passwords longer than the provider allow. The interface indicates the password was successfully changed. The user is subsequently unable to login. The interface indicates a user name / password error. At least with the SQL provider the legal limit seems to be 14 characters.

There needs to be a mechanism to prevent the setting of illegal length passwords and messaging to indicate that length.

To replicate the problem:

1) create a test user on a 3.1.1 site
2) set the password to more than 14 characters
3) attempt to login with this password

There appears to be a similar issue in DNN 4.x somewhere above 20 characters but testing is hampered by the inability to determine the number of characters above 20 in the password text box.