I learned this too recently when my password, which starts with a special character, suddenly was being rejected.
Turns out they use a Javascript validator on passwords, not only at creation, but also when you're logging in (beats me as to why). I found a page on their site that doesn't do the check and I can login fine there.
Storing the password in plain text is absolutely inexcusable. I'm an idiot and my passwords are stored PBKDF2/SHA512 - not like it's difficult.
Turns out they use a Javascript validator on passwords, not only at creation, but also when you're logging in (beats me as to why). I found a page on their site that doesn't do the check and I can login fine there.
Storing the password in plain text is absolutely inexcusable. I'm an idiot and my passwords are stored PBKDF2/SHA512 - not like it's difficult.