Click on forgot password link

>click on forgot password link
>they email the password back to me

>try to change the password
>this password is already used by another person

>input preferred password
>password must be 30 characters long, must not contain words that are in any dictionary, must contain numbers and must contain unicode symbols

>try to change password
>password must be at least 8 characters long and contain at least one of the following blah blah blah

>try to log in
>incorrect password over and over again
>click forgot password
>enter new password
>new password can't be the same as your current password

>input password
>always includes ;DROP TABLE;

Devilish.jpg.gif.asf.exe

>forget password
>send password reset instructions to email
>forget which email I used
>forget email's password after remembering the provider
>forget secret answer needed for resetting password

>click on forgot password link
>Step 1: Type your birth date

>register account password
>your password cannot contain a bad word

>password accepted & has been sent to be reviewed by a representative

>type your birth date
>January first
>dont know what year i put
>have to try from 1900 to 1990
welp

>click on forgot password link
>site admin laughs at me

>forgot password link
>it requires a recovery key for it
>forgot to backup recovery key

That thing just returns error even on unsanitized input.

>your password is too long
t. my utility company

>forgot password
>enter captcha
>enter new password

I test this on every website I sign up to with a dummy password.

>forgot password
>have to answer recovery question
>"What make was your first car?"
>I have never owned a car

>forgot password
>click link
>Please enter your Social Security Number

>leet haxxed an account
>security question "what color was your first cat?"
>black
>welcome back user

>get email from Microsoft
>somebody logged into an ancient hotmail account I haven't used in over a decade
>log back in, change password, and schedule account deletion
>2 months later get the same email
what the fuck is going on here
I feel like any maliciousness is coming from Microsoft, not from some slav magically getting into my old account

...

>your password must not contain " = + - > < % ;

h-haha

OMG AYYYYY
THIS D E S U

>does all this but password still gets leaked because it was stored in plaintext or had a keylogger

>forgot password
>enter password to apply changes

name 1 site that does this

Neopets

name one time this has happened

>an administrator must approve your account before you can post

>your password cannot contain the following characters :

>! - & * < > ' " ` \

any mailing list

dumb frogposter

>have test admin level accounts in development with silly shit like 3 character passwords
>fast forward to several years later
>they still work in production

happened all the time at a company I used to work at.

>go look at microsoft account history
>see half of algeria and uzbekistan trying to access my account unsuccessfully

>forgot password
>"you seem pretty legit we'll let you in but bring it next time haha"

w e w
e
w

...

that's turbo autismo but I like it.

>click forgot password
>please enter registered mobile number
>got rid of the number 6 years ago