On the reset password function, Username is case-insensitive.
On the login function, Username is case-sensitive.
So if you try to log in with the exact same username as you used to reset the password (i.e, with the “wrong” capitalisation”), and the brand new password you just created, it’s rejected as “Invalid username and password”.
Logon and password reset features are basic functionality for all websites. But still some people get it wrong…
Yeah, that’s a bug.
Heck, I’m still cringing from the website that didn’t accept a password LONGER than eight characters.
I once used an internal system that had a *four* character limit. To make it worse, the passwords expired after twelve weeks, only it didn’t actually tell you that. Just said the password was invalid when you tried to log on.
Much relief when that system was replaced.