GuruWannaBE
November 13th, 2000, 12:01 PM
I was just reading Fred Langa's page and came across this and thought I would share. It may be in the wrong forum, but I thought more people might see it here.
Jay
FrontPage Password Bug

Do you use FrontPage, Microsoft's Web page and site creation tool? If so, you should know that FP silently truncates your web passwords.

I found this out quite by accident when I was trying to follow good password-creation practice by creating a new password that's a combination of a word and numbers--- something like "RUTABAGA8765." Because no normal word contains numbers, this type of password defeats "dictionary" based password crackers who simply try every word in a dictionary. Or, to put it another way, a dictionary may contain "rutabaga" but it will never contain "rutabaga8765."

The trouble is, FrontPage lets you type in very long passwords, but then silently truncates them at the 8th character.

Say you set your FP web password to something like RUTABAGA8765 (any >8 character password). You will be able to log in simply by typing RUTABAGA (just the first 8 characters of the password). Yes, you still can log in with the full RUTABAGA8765, but also as just plain RUTABAGA or with RUTABAGA8765765543 or anything over 8 characters--- because only the first 8 characters count.

This was news to me. I could find nothing in the Microsoft KnowledgeBase about this; nothing in FP's help about this; and FP generates no warnings when it truncates your password.

So, if you try to defeat dictionary-based password crackers by using an alphanumeric FP password, you must make sure the total password length is <8 characters or your brand new password may end up as the plain-text word you were trying to avoid!
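An added example (my own code, not from the post, from Fred Langa, or from FrontPage) showing how to check your own authentication backend for the silent truncation described above, and how a truncated "word + digits" password collapses back to the dictionary word. The verifier is a constructed stand-in that keeps only the first 8 characters; the word list is constructed too.

```python
from typing import Callable, Optional

# Constructed stand-in for a backend that silently compares only a prefix
# (the FP behaviour the post describes); this is NOT FrontPage's real code.
def make_truncating_verifier(stored_password: str, limit: int = 8) -> Callable[[str], bool]:
    secret = stored_password[:limit]
    return lambda attempt: attempt[:limit] == secret

def find_truncation_length(verify: Callable[[str], bool],
                           password: str, pad: int = 64) -> Optional[int]:
    """Probe an account you own: if the password with junk appended is still
    accepted, only a prefix is being compared. Returns the shortest accepted
    prefix length, or None when no truncation is observed. The probe
    password must be longer than any truncation limit you want to detect."""
    if not verify(password + "X" * pad):
        return None
    for n in range(1, len(password) + 1):
        if verify(password[:n]):
            return n
    return len(password)

def effective_password(password: str, limit: int) -> str:
    """The part of the password that actually counts under a prefix limit."""
    return password[:limit]

def truncation_exposes_word(password: str, limit: int, wordlist: set) -> bool:
    """True when what survives truncation is a plain dictionary word, i.e.
    the digits the user appended no longer protect against a wordlist."""
    return effective_password(password, limit).lower() in wordlist

# Constructed mini word list standing in for a cracker's dictionary.
WORDS = {"rutabaga", "password", "letmein"}

if __name__ == "__main__":
    verify = make_truncating_verifier("RUTABAGA8765")
    print("accepts RUTABAGA:", verify("RUTABAGA"))               # True
    print("limit found:", find_truncation_length(verify, "RUTABAGA8765"))  # 8
    print("exposed:", truncation_exposes_word("RUTABAGA8765", 8, WORDS))   # True
```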