This has to be the best one here. The sheer lack of understanding of how to authenticate an account by the dev.

The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes.

I don’t think you need to worry about that in this case, the special character restriction suggests to me that they don’t hash it.