T-Mobile doesn’t want my keypresses.

(For background, you may want to read about the time I’ve spent trying to get my T-Mobile account working as expected.)

Today I tried to pay my phone bill and noticed that the T-Mobile website account associated with my current number had been deleted (presumably this happened when my plan was cancelled). This was unexpected, but only mildly frustrating. I went through the registration process, generated a new password in my password safe, and pasted it into the field.

Nothing happened. They were preventing pasting, presumably as some kind of demented ‘security’ measure.

Mildly irked, I typed in the generated password. It was only when I typed in a second time that I noticed I’d run over the maximum length and was losing the last character. But wait, my new password was the same length as the old one for my account – had I been getting cut off the entire time? I tried adding some gibberish – I wasn’t anywhere near the maximum length.

I looked at the generated password more closely. The last character – the one I couldn’t type. Dots connected and neurons fired. I fired up Chrome’s developer tools as a sense of bemused horror crept over me. I almost didn’t want to spend the time – it was so absurd, after all. It couldn’t be.

 function keyDown(a){if(a.keyCode==86){a.preventDefault()}}

And yet it was. They weren’t blocking pasting – they were blocking all ‘v’ keypress.

I had a pretty big smile on my face at this point. This code would have been bad anywhere, but without any knowledge of their codebase and with an admittedly mediocre aptitude for JavaScript I had found the problem in perhaps fifteen minutes! The idea that a major US telephone company would feature it on their production account registration form was silly enough that I promptly tweeted about it.
But it gets sillier.
A little later I decided to write this blog post as an addendum to my other T-Mobile post and looked into whether anyone else had noted the problem. The first relevant hit was for T-Mobile’s support forum where it was recently confirmed as “a known issue that we are working to resolve“. The second was for an earlier post about a similar issue.
tl;dr of the above: being unable to use ‘v’ or ‘V’ in passwords has been a known issue, and likely on some kind of tracker or bug list, for at least half a year.
  1. T-Mobile doesn’t want my money. | Ironypunk Is Dead - pingback on 20/05/2012 at 20:02

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackbacks and Pingbacks: