Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.

Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…

  • TootSweet@lemmy.world
    14 hours ago

    12 characters, upper/lower/special requirement, and no more than two occurrences of the same character together. That’s FedEx.

    Two other thoughts on the topic:

    • Websites/apps/etc should always list their password requirements on the login page to make it easier to determine what password you used for the site in question.
    • There are plenty of websites where I literally log in only by using the “forgot password” flow because their password requirements are so ridiculous.