Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.

Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…

  • ryathal@sh.itjust.works
    41·
    1 day ago

    Passwords that must contain a special character, but only from a list of three special characters.

    Passwords that must be changed every 3 months.

    Absurdly narrow length requirements, im 80% sure I saw one that required 8-16 characters.

    All dictionary words were banned from being in a password regardless of length, so passphrases weren’t allowed.

    • Susaga@sh.itjust.worksEnglish
      3·
      16 hours ago

      It’s always quote unquote fun finding out what words are and are not in their dictionary. I got by using a bunch of nerd words, but apparently Aragorn is not allowed.

    • NJSpradlin@lemmy.world
      6·
      22 hours ago

      I redid one of mine yesterday; 3-months, exactly 8 characters, must use a symbol from the three approved ones (#$@).

      I hate it, I wish they’d abandon that system or change the encryption requirement to match our other systems that use our physical badges.

      Edit: it’s really dumb around the holidays, too. We’re off for Thanksgiving, Christmas and New Years so I really only got a few weeks out of that last one.