Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.

Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…

  • @ryathal@sh.itjust.works
    10 months ago

    Passwords that must contain a special character, but only from a list of three special characters.

    Passwords that must be changed every 3 months.

    Absurdly narrow length requirements, I’m 80% sure I saw one that required 8-16 characters.

    All dictionary words were banned from being in a password regardless of length, so passphrases weren’t allowed.

    • qantravon
      10 months ago

      I’ve definitely had one that was 8-12 characters before…

    • @NJSpradlin@lemmy.world
      10 months ago

      I redid one of mine yesterday; 3-months, exactly 8 characters, must use a symbol from the three approved ones (#$@).

      I hate it, I wish they’d abandon that system or change the encryption requirement to match our other systems that use our physical badges.

      Edit: it’s really dumb around the holidays, too. We’re off for Thanksgiving, Christmas and New Year’s so I really only got a few weeks out of that last one.

    • @Susaga@sh.itjust.works
      10 months ago

      It’s always quote unquote fun finding out what words are and are not in their dictionary. I got by using a bunch of nerd words, but apparently Aragorn is not allowed.