Go Daddy’s Database Creation Form: Horrible Password UX

A very poor decision was made by somebody at Go Daddy. That decision caused me hours of frustration and delayed the launching of a client’s website. Behold, the 14 characters that caused such grief:

maxlength="14"

When creating PHP websites, I, like many web developers, develop locally first. Once the client is happy with the website, I get things ready for production by uploading the code, creating a database, and importing the data. My troubles occurred with creating a database, specifically with the database password. Here are Go Daddy’s password criteria:

  1. be 8-14 characters long
  2. start with a letter
  3. include a lower case letter
  4. include an upper case letter
  5. include a number
  6. include a special character (!,@,#,%)
  7. not include these characters (^,\,$,`, )

Go Daddy has client-side password validation so that you can see which criteria your password meets and which it doesn’t. Now, given the popularity of phpMyAdmin and the fact that it generates 16-character passwords, I’d be willing to bet that there are a lot of MySQL database passwords out there that are 16 characters long. I also think it’s fair to assume that a significant number of web developers have their development database and production database share the same name, username, and password just to keep things simple. It’s not like it’s the root user, so why not?

Given these things, it’s only logical that it would be common for people to paste their database password into the password field on Go Daddy’s “Add a MySQL Database” form. And that’s a problem. Why? Because that password field has its maxlength attribute set to “14”. This means that if you paste anything more than 14 characters into it, whatever you pasted will be truncated without warning. So pretty much the only way you’ll notice that it got truncated is if you have a password significantly longer than 14 characters. Then, of course, you won’t be able to access your newly created database but, of course, Go Daddy’s tech support will be able to access it just fine. So I have some questions for Go Daddy:

Why limit the password length to such a small number? And if you’re going to do that, why not have that number be 16 since that’s the length of the passwords generated by phpMyAdmin? Next, why put the password’s maximum length in the HTML? The rest of the password criteria are checked client-side, so why not the maximum length as well? This way, if somebody pastes a password longer than the maximum length, “be 8-14 characters long” would get an “X” next to it and the person would realize that the password is too long.
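The difference between the two designs in the paragraph above, as an added example (not Go Daddy's code): the seven criteria as a JavaScript validator, with the effect of `maxlength` on a paste modelled as a `slice`. The function names, the sample password and the reading of rule 7's blank last entry as a space are assumptions.

```javascript
// Added example, not Go Daddy's code. Runs in Node or a browser console.
// Assumption: the blank last entry in rule 7 is a space character.
const RULES = [
  ["be 8-14 characters long",          (pw) => pw.length >= 8 && pw.length <= 14],
  ["start with a letter",              (pw) => /^[A-Za-z]/.test(pw)],
  ["include a lower case letter",      (pw) => /[a-z]/.test(pw)],
  ["include an upper case letter",     (pw) => /[A-Z]/.test(pw)],
  ["include a number",                 (pw) => /[0-9]/.test(pw)],
  ["include a special character",      (pw) => /[!@#%]/.test(pw)],
  ["not include forbidden characters", (pw) => !/[\^\\$` ]/.test(pw)],
];

// Labels of every rule the password fails (empty array = all criteria met).
function failedRules(pw) {
  return RULES.filter(([, ok]) => !ok(pw)).map(([label]) => label);
}

// What <input maxlength="14"> does to a pasted value: it is cut silently,
// so the validator only ever sees the first 14 characters.
function pasteIntoMaxlengthField(pasted, maxlength = 14) {
  const stored = pasted.slice(0, maxlength);
  return { stored, failed: failedRules(stored), silentlyChanged: stored !== pasted };
}

// The design the post asks for: no maxlength, so the length rule sees the
// full value and reports the problem to the user.
function pasteIntoUnlimitedField(pasted) {
  return { stored: pasted, failed: failedRules(pasted), silentlyChanged: false };
}

// Constructed sample: 16 characters, the length the post says phpMyAdmin generates.
const SAMPLE = "Kq7#mZp2!vLx9@Rt";
console.log(pasteIntoMaxlengthField(SAMPLE));   // passes every rule, but is not what was pasted
console.log(pasteIntoUnlimitedField(SAMPLE));   // fails the length rule, visibly
```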

Of course, the chances of Go Daddy reading this are slim to none. Even if they did read it, I highly doubt they would do anything about it. But maybe this blog post will help somebody else facing the dreaded “#1045 - Access denied for user 'foo'@'172.16.254.1' (using password: YES)” message.

Lastly, I want to say that the only reason I was using Go Daddy is that this particular client was already a Go Daddy customer. Otherwise, I most definitely would have gone elsewhere.


7 comments

  1. Hey Adam & everyone else experiencing this issue,

    I’m Dante Baker the Product Manager for Managed WordPress at GoDaddy and wanted to give you a quick response to this issue.

    First, Adam, thanks for bringing this up and trying to help out others that ran into this problem. I’m a big fan of communal knowledge sharing and this is a good example of just that. That being said, I would rather we at GoDaddy resolve this problem such that it doesn’t need to be addressed in the first place.

    I’ll be reaching out to our MySQL team to see when/how we can address this and would love to hear about any other issues you have with our services. Thanks again for the feedback, feel free to use my email address listed below, and know that we’re working hard to resolve issues like this so that you don’t have to go to other hosting providers.

    Dante Baker
    Product Manager Managed WordPress | GoDaddy
    dgbaker@godaddy.com

  2. Great article that saved us a ton of time. Kudos!!

    Nice to see the response from Dante at GoDaddy as well. It really is the small things like this that has us direct clients to other providers (from whomever), so great to see that there are people who care working on things like this over there. Keep up the good work!
