Banque de Tahiti - Dumb Password Rules
1 1
You have to enter your password using this *very* Frenchy keypad. You don't have lowercase letters, the blanks are not spaces but just non-clickable gaps, but as a compensation you have some weird symbols that your keyboard does not have a key for (e.g. `µ`). No accessible version available.
#infosec #password #passwords #cybersecurity #dumbpasswordrules
on Mar 25
0 0
User ID *has to* contain special characters, password *may not* contain (basically) any special characters.
on Sep 14
Digital Credit Union (DCU) - Dumb Password Rules
0 1
Must be between 8 and 40 characters, uppercase and lowercase, one number, one special character... whatever. But special characters are limited to -#$%+?~*!. (and space). WHY?!
on Sep 2
University of California San Diego - Dumb Password Rules
0 1
Passwords must be between 8 and **11** characters long!
on Aug 30
Premera Blue Cross - Dumb Password Rules
0 0
Password must contain 8-30 characters, including one letter and one number. "Special characters allowed" seems to mean a very small handful of choices you can only find through trial and error `-_'.@`
on Aug 28
Benergy4 - Dumb Password Rules
0 0
12 to 25 characters, only these special chars allowed: @+/'!#$^?:,.(){}[]~-. Also, security questions.
on Aug 7
0 0
Password length must be 8 to 20 characters long with lower case characters and numbers only.
on Jul 13
University of Windsor - Dumb Password Rules
0 0
The password policy applies to alumni as well. Must be at least 10 characters long, with at least 1 upper case and 1 lower case character, at least 1 number, at least 1 special character. Password expires every 120 days, and you can't reuse an old one.
on Jul 9
Liberty Mutual - Dumb Password Rules
0 1
Must not contain spaces or the following characters: @/\*%<&+>
on Jul 2
LepidaID - Dumb Password Rules
0 0
Password must: - be 8 to 16 characters in length - contain at least 1 upper-case character - contain at least 1 lower-case character - contain at least 1 number - contain at least 1 non-alphanumeric character - not contain more than 2 of the same consecutive characters - not contain any public...
on Jun 30
South Western Railway - Dumb Password Rules
0 0
Certain special characters disallowed, but notably the phrase " or " is disallowed also. They're probably papering over SQL injection vulnerabilities 🤦
on Jun 28
Izly by Crous - Dumb Password Rules
0 0
Izly by Crous is an **imposed** French payment service for the university. You can't pay your daily meal without that because yeah you know cash is an ancient dumb thing. Your username is firstname.lastname@youruniversity.fr or your phone number. We only allow you a fixed 6 numbers...
on Jun 26
United States Department of State MyTravel.State.Gov - Dumb Password Rules
0 0
- Must be between 12 and 24 characters. - Must contain at least one uppercase and one lowercase letter. - Must contain at least one number. - Must contain at least one of the following special characters: ~ ` ! @ # $ % ^ & * ( ) _ - . ? { } [ ] | : ; " ' = + / , - Password must not...
on Jun 25
Eurocircuits - Dumb Password Rules
0 0
Minimum 4 and maximum 30 chars. Use only letters (a-z), numbers (0-9) and underscore (_)
on Jun 25
MarketWatch - Dumb Password Rules
0 0
- Cannot be longer than 15 characters. - Must contain one number. - Cannot contain spaces, %, & or +.
on Jun 3
Copyright.gov - Dumb Password Rules
0 0
I wonder if they cooperate with NSA to enforce the password rules.
on Jun 2
Nachbarschaft.NET - Dumb Password Rules
0 0
"Mindestens 6 und maximal 12 Zeichen" - or in English: "At least 6 and max. 12 characters.
on Jun 1
Canada Revenue Agency - Dumb Password Rules
0 0
Password checklist: - 8 to 16 characters - At least 1 upper-case character - At least 1 lower-case character - At least 1 digit - No space - No accented characters - No special characters except: dot (.), dash (-), underscore (_), and apostrophe (') - No more than 4 consecutive identical characters
on May 28
Boursorama - Dumb Password Rules
0 0
"To ensure the highest level of security, your password must have... 8 digits". And it must be entered using a funny keypad with the digits in the wrong order.
on May 17
0 0
Password must contain: - 8 to 12 Characters. - At least one lowercase and uppercase letter. - At least one numeric character. - At least one special character (!, @, #, $, %, %, ^, &, +, =). Must not contain space, first or last name.
on May 15
Equifax - The Work Number - Dumb Password Rules
0 0
Eight to sixteen characters, numeric digits only, not the same as the User ID. * Number of permutations: 1E+16 * Number of permutations for the weakest length: 1E+8 * vs permutations for a 8-16 password using standard characters: 4E+31 * vs permutations for the weakest length of 8 using standard...
on May 13
0 0
It's a good thing they don't store personal information such as your passport number... oh wait.
on May 12
0 0
Your password should be difficult to guess as long as it's not over 16 characters long.
on May 5
0 0
Passwords limited to 8-12 characters.
on May 5
PizzaHut - Dumb Password Rules
0 0
Passwords must be greater than 6 characters, and have an arbitrary set of rules we don't tell you about until after you try to set your password.
on May 4
Thames Water - Dumb Password Rules
0 1
Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.
on May 3
Return of Reckoning - Dumb Password Rules
0 0
Password must be between 6 and 100 characters. It doesn't say on the website, but the password only works in the related game client if it is purely alphanumeric. Not even special characters like % or $ are allowed.
on May 1
0 0
The Roads and Traffic Authority's 'Online Services' website for New South Wales, Australia. Password rules: - Must be between 6 and *10* characters long - Must be a combination of letters and numbers - Cannot be the same as any of the previous two passwords, including the current...
on Apr 16
0 0
Password Rules - 8 to 20 characters with at least 1 number and 1 letter. - No symbols or spaces.
on Apr 13
Mindware - Dumb Password Rules
0 0
You "*may use special characters*", but only some of them - and we won't necessarily tell you which ones.
on Apr 9
Credit Union Australia (CUA) Health - Dumb Password Rules
0 1
Password must be between 7 and 10 characters, contain both an uppercase and a lowercase letter and have at least one number.
on Apr 3
Minnesota Unemployment Insurance - Dumb Password Rules
0 0
Locked to *exactly* 6 chars, alphanumeric only, not special chars.
on Apr 1
0 0
Password rules: - Between 8 and 32 characters long - Must contain at least one numeric and one special character (!@#$%&*) - At least one uppercase and at least one lowercase letter
on Mar 28
Turkish Airlines - Dumb Password Rules
0 1
- Your password must consist of 6 digits - Make sure that your password does not contain your date of birth or three consecutive digits... - but two is OK, for sure. - ... and that the same number is not repeated three or more times. - but two times is probs OK
on Mar 19
Mes Services Étudiant - Dumb Password Rules
0 0
At least 6 characters, one uppercase letter, one lowercase letter, one digit and one "special character". These do not count as "special characters": `` + - = | @ " ' # ( ) [ ] { } < > / \ ` ;``.
on Mar 19
Intelink Passport - Dumb Password Rules
0 1
Intelink is a group of "secure" intranets used by the United States Intelligence Community. Passport is an identity and access management service for Intelink. Rule #3 prohibits three or more consecutive uppercase, lowercase, or digit characters, even if those characters are not the...
on Mar 10
SecureAccess Washington - Dumb Password Rules
0 0
Central authentication for all Washington State services (DoL, ESD, etc). Password must have *exactly* 10 characters, but form happily lets you enter more and only throws errors after submit, providing no useful feedback.
on Mar 8
0 0
Passwords must be 6-15 characters. If you enter more than 15 characters at signup, there is no error, but the system apparently silently truncates to 15 characters. So of course, logging in subsequently fails if you enter the untruncated password. How convenient.
on Mar 7
Whitcoulls - Dumb Password Rules
0 0
Your password must: - be between 7 and 15 characters - contain a capital letter - have no spaces (shown only when you go to change it)
on Mar 2
SielteID - Dumb Password Rules
0 0
Sielte is one of the four Italian digital identity providers of level 3 (the highest available). The rules are as such: - At least 8 characters - At most 16 characters - Must have both lower and upper characters - Must have one or more digits and one or more of the following "special...
on Mar 1
Vancity Credit Union - Dumb Password Rules
0 0
Personal Access Code (or PAC–they are too ashamed to call it a password), must be between 5 to 8 digits and cannot start with '0'. (no letters or symbols)
on Mar 1
0 0
- At least 2 uppercase letters - Plus 2 lowercase letters - Plus 2 numbers - Plus 2 punctuation marks Phew, too many rules, because why not, if [Ma thinks AI stands for Alibaba Intelligence](https://www.youtube.com/watch?v=f3lUEnMaiAU), then password rules can be equally intelligent too. Also,...
on Feb 29
Nelnet (student loan servicer) - Dumb Password Rules
0 1
8 to 15 characters and no spaces? Why no spaces? Also limited to only these 6 special characters. That could mean that there is some process somewhere that puts this as part of a command line invocation.
on Feb 23
0 0
Portuguese power distribution company, which requires short passwords (10 to 15 characters), no repetition of the same character, not using the username, the word "PASS" or the word "SAP" in the password, and limiting which special characters can be used.
on Feb 18
0 1
No more than 20 characters, use any symbols you like... Oh except #, &, +, or space of course.
on Feb 16
Microsoft (e company store) - Dumb Password Rules
0 0
Max of 16 character oh and please don't use any characters we don'y know how to escape properly also if it starts with ? you may break our wonderful website. What out with your password generator duplicated characters is far too insecure to allow here.
on Feb 10
