To me it looks like their frontend guy just copy/pasted the password field with all validation over without thinking twice. I wouldn’t say this speaks to their general security competence.
While that may be true (copy/🍝), it implies that their code quality and QA process are broken and some of the most important fields/data are not being closely looked at. It certainly DOES speak to their overall security competence.
Could also be backend validation is broken, so FE just shows the user something useful rather than waiting for backend to reject and show a generic error message.
That would be actively malicious. I don’t know how anyone could get the idea to just show “something” if the backend sends a generic error message.