Passwords that include ( # and or ! ) not working on mobile devices, but work on Windows or PCs

%3CLINGO-SUB%20id%3D%22lingo-sub-3073254%22%20slang%3D%22en-US%22%3EPasswords%20that%20include%20(%20%23%20and%20or%20!%20)%20not%20working%20on%20mobile%20devices%2C%20but%20work%20on%20Windows%20or%20PCs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3073254%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20experiencing%20issues%20with%20some%20of%20our%20users%20where%20they%20have%20a%20%23%20and%20or%20a%20!%20in%20their%20password.%20when%20they%20use%20SSPR%2C%20to%20create%20a%20new%20PW%2C%20the%20passwords%20seem%20to%20work%20fine%20on%20their%20work%20station%20endpoints%20but%20they%20are%20having%20issues%20accessing%20applications%20with%20the%20new%20PW%20on%20their%20mobile%20devices.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20documentation%20that%20discusses%20the%20complexities%20of%20%23%20!%20contained%20in%20a%20PW%3F%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20conflict%20when%20I%20select%20'SHIFT%20%2B3'%20to%20get%20the%20%23%20symbol%20as%20opposed%20to%20my%20onboard%2C%20digital%20keyboard%20on%20my%20phone%20where%20'Shift%20%2B3'%20is%20not%20needed%20and%20I%20can%20simply%20select%20the%20%23.%20Same%20with%20selecting%20'Shift%20%2B1'%20for%20!.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20looking%20for%20any%20documentation%20to%20elaborate%20on%20this%20scenario.%20Thank%20you%20kindly!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3073254%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%20(AAD)%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESSPR%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3166356%22%20slang%3D%22en-US%22%3ERe%3A%20Passwords%20that%20include%20(%20%23%20and%20or%20!%20)%20not%20working%20on%20mobile%20devices%2C%20but%20work%20on%20Windows%20or%20PCs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3166356%22%20slang%3D%22en-US%22%3EI%20have%20seen%20similar%20problem%20where%20one%20of%20the%20customer%20was%20using%20WAF(Azure%20Firewall)%20and%20it%20was%20WAF%20which%20was%20rejecting%20requests.%3CBR%20%2F%3EWhat%20is%20the%20error%20message%20you%20receieved%20from%20SSPR%20on%20mobile%3F%3C%2FLINGO-BODY%3E
Occasional Contributor

We are experiencing issues with some of our users where they have a # and or a ! in their password. when they use SSPR, to create a new PW, the passwords seem to work fine on their work station endpoints but they are having issues accessing applications with the new PW on their mobile devices. 

 

Is there any documentation that discusses the complexities of # ! contained in a PW? 

Is there any conflict when I select 'SHIFT +3' to get the # symbol as opposed to my onboard, digital keyboard on my phone where 'Shift +3' is not needed and I can simply select the #. Same with selecting 'Shift +1' for !. 

 

I'm looking for any documentation to elaborate on this scenario. Thank you kindly!

5 Replies
I have seen similar problem where one of the customer was using WAF(Azure Firewall) and it was WAF which was rejecting requests.
What is the error message you receieved from SSPR on mobile?

@Jai Verma I connected with my colleague, and it seems there is no error. his response is. It's not an SSPR or mobile issue: but seems to be something connected to O365 Apps authentication.

What characters allowed for user's password is documented here https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#:~:text=t....
I see both ! and # characters are allowed.
My understanding is that when they type the password on login screen from PC/Laptop it is accepted but the same password is not accepted when supplied from Mobile phone.

If your users are cloud only Azure AD collect and validate the password and users are federated, password is collected by ADFS and verified by on-premise AD. You need to look which authority is collecting the password and trying to verify. Either the one who is collecting(ADFS form based page or Azure AD login page) is not able to pass it forward to proper authentication. However, if it can not forward then, I am expecting the authority to return error in response, which in your case no error. let us examine in little more detail
- User goes to Application (portal.office.com for example)
- User type username and redirected to Federation server, if federated else prompt for password. What is your scenario?
- User types the password and click on sign in button
- What do they see on the mobile screen next?

@Jai Verma Thank you this is great information and I'm sharing it. However to note; we have removed ADFS from our environment. So i'll need to confirm the age of the INCs with this issue and verify if they align to ADFS.

@Jai Verma This seems to have been a one-off scenario and we have gone away from ADFS.