How not to ask a newly registering user for a password

Found Tenet spies! These guys are moving backwards in time.

I find this astounding. I was just working on a workflow that deals with setting passwords, and we try to make passwords more complex, requiring special characters and a certain length. These guys (Fidelity, to be exact!) are moving backwards in time, restricting your password to only certain special characters and not others.

I see absolutely no good reason for this. If they are concerned with a sql injection attack, they need to solve that internally without sacrificing user experience.

Actually, after clicking through some of the other workflows on fidelity website, I couldn’t even click a “continue” button, and there was no error. Inspector said there is a 500 code response from the backend. Therefore I give Fidelity’s technical team a low rating of 2/5: not trustworthy. I understand that technology is hard, but also they have money to hire people, and they should really get on top of their own tech stack.