I'm a bot posting random sites from https://dumbpasswordrules.com.
Created by https://fosstodon.org/@duffn.
This dumb password rule is from PCPartPicker.
There are no rules for passwords. Passwords can be any length (including one character)
of any complexity. No password change confirmation emails are sent.
https://dumbpasswordrules.com/sites/pcpartpicker/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from HM Revenue & Customs (UK Tax).
We store basically all of your data, but we can't store your password.
https://dumbpasswordrules.com/sites/hm-revenue-and-customs-uk-tax/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from IBM TSO/E Logon terminal.
It might not be a web site, but that does not make it less dumb.
Since many don't know about IBM mainframes, it seems they don't think you need to up the policies.
Default old password policy is: 6-8 characters long, A-Z, 0-9
Over the last few years they have updated their policies a bit, but d...
https://dumbpasswordrules.com/sites/ibm-tso-e-logon-terminal/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Citi.
* Password is case-insensitive
* Can't use ANY special characters (although, adding special characters increases the "password strength" meter?!)
* Allows for a minimum password length of 6 characters
* No runs of more than two identical characters (eg. "aaa" is not allowed.)
* Does not allow you...
https://dumbpasswordrules.com/sites/citi/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Lenovo.
Between 8 and 20, not more.
https://dumbpasswordrules.com/sites/lenovo/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from MetLife.
Max length of 20 characters, no special characters allowed.
Pasting into the second password field is disabled even with
the Chrome extension Don't Fuck With Paste.
https://dumbpasswordrules.com/sites/metlife/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from South Western Railway.
Certain special characters disallowed, but notably the phrase " or " is disallowed also. They're probably papering over SQL injection vulnerabilities 🤦
https://dumbpasswordrules.com/sites/south-western-railway/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dutch Tax Authorities (Belastingdienst).
At least 8 and at most 25 characters, of which at least 3 of the characters were not used in the previous password.
No more than 3 of the same characters.
At least 1 upper case and 4 lower case characters.
No more than 3 special characters.
It's not like hashing passwords is a thing or something.
https://dumbpasswordrules.com/sites/dutch-tax-authorities-belastingdienst/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from BOINC Bakerlab.
Passwords may only include ASCII characters, not even extended ASCII.
https://dumbpasswordrules.com/sites/boinc-bakerlab/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from AirAsia.
- Between 8 and 16 characters
- Must contain a number, a lowercase letter, and an uppercase letter
- Special characters allowed, but not periods, commas, tildes, or angle brackets
https://dumbpasswordrules.com/sites/airasia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Thames Water.
Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.
https://dumbpasswordrules.com/sites/thames-water/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Mobi Bike Share.
Your PIN (which is the password you use to login, which lets you, say, buy hundreds of dollars worth of bike-share subscriptions off the saved credit card) must be four numeric digits. Helpfully, they even give you an example of a PIN: *1234*.
https://dumbpasswordrules.com/sites/mobi-bike-share/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Securvita BKK.
Your password can not exceed a length of 30 characters. However, they don't tell you this: If you try to set a longer password, they instead shame *you* for not including at least one uppercase letter, one lowercase letter, one digit and one symbol – *even if you did*.
The error message translat...
https://dumbpasswordrules.com/sites/securvita-bkk/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Standard Chartered Bank.
- Between 8 to 16 characters
- Only letters and/or numbers
https://dumbpasswordrules.com/sites/standard-chartered-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Wageworks.
In addition to the following rules regarding passwords...
- 8-20 characters in length
- Include at least 4 of the following: lowercase letter, uppercase letter, number AND symbol
- Not include your last name, first name or space
Your new password should be different from your previous twenty pas...
https://dumbpasswordrules.com/sites/wageworks/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from URSSAF (French employers tax collection service).
When setting a new password:
Password must be exactly 8 characters, at least 1 letter, at least 1 number, but no special characters.
https://dumbpasswordrules.com/sites/urssaf-french-employers-tax-collection-service/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from ING Romania's Internet Banking Portal.
No more, no less than 5 digits. This is the password you use to log in and to confirm
online transactions. They used to have "normal" passwords and they forced everybody to
change to the 5 digits versions. They said they've made it "so it's easier for you" and it's
OK, because everybody has 2FA.
https://dumbpasswordrules.com/sites/ing-romanias-internet-banking-portal/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from IKEA.
Dumb restriction for consecutive similar characters. Wonder if someone got more that 2 identical characters in their name then
it won't allow you to even use name in password.
Password must contain:
- 8-20 characters
- **No more than 2 identical characters in a row**
- A lowercase letter (a-z)
-...
https://dumbpasswordrules.com/sites/ikea/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from DBS Bank (Singapore).
`[[:digit:]]{6,8}`
https://dumbpasswordrules.com/sites/dbs-bank-singapore/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from AirAsia.
- Between 8 and 16 characters
- Must contain a number, a lowercase letter, and an uppercase letter
- Special characters allowed, but not periods, commas, tildes, or angle brackets
https://dumbpasswordrules.com/sites/airasia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules