Password must be between 5-13 characters and not contain spaces

>do a password reset
>they don't reset it
>just email your password to you

>not having a 128 bit password for every account you own

>user ID must contain a number

>writing your password on a sticky note beside your desk

>your previous password was 11 characters long
i thought they weren't supposed to store that stuff

Well, to be fair they could just store that shit independently of the hash.

This shit makes me angry

128 bit is only 16 characters assuming UTF8

> Own

password must be at least 12 characters long
password must contain at least two numeric characters
password must contain at least two punctuation characters
password must contain at least two upper case characters
...
password strength: weak
please try again
> alternatively you can go fuck yourself

I want to hug Satanichia MacuDower

At work this is the case. Everyone just adds a number to it.

>Not enforcing a minimum length of 15 chars

>Not changing your password and then immediately reverting the change

>You have successfully signed in using a google account. Please type in your google password for us to know.
Common normie trap.

someone bost that screenshot of the Indian bank where your password must be 8 or 9 characters and can't use "hacking characters"

Who can be bothered? Im overworked as it is.

>kpasswd
>kpasswd
Done. Unless your company uses Windows like most enterprises do. I am so glad we are deploying both.

>suggested password

>uses the same password everytime
>do a password reset
>they reset it and email to you
>you can't remember the new password

>forgot password
>enter a new one
>Error: too similar to previous password.

>you need a capital letter, number, special character and it must be longer than 8 characters
>Cuntblaster!69
>that's too simple
>Georgiafuckingsucks*9
>no that one is too common
Holy fuck you are a no-name forum I just need to use maybe once to see a fix someone posted two years ago with no mirrors fucking get over yourself this email isn't even real.

>you cannot use any of your previous five passwords
Just tack the month at the end
>Passwordjan
>Passwordfeb
>Passwordmar
>etc

This happened when I was registering for a government website. Everyone in my profession was forced to register this year.

>please enter your licence number and create a password
>generate a random 32 character password
>it works, almost always causes an error
>try to log in
>'your password is incorrect'
>hit forgot password
>get an email with my password IN PLAIN TEXT
>my 32 character password was truncated to 10 characters
>no errors were ever displayed

I sent an email to the head of IT asking why my password was 1. truncated without any indication and 2. emailed to me in plain text. I got a response back saying "thanks we're new to all of this and will be fixing things soon". Well that makes me feel better...

Time to move to a different country

> thanks we're new to all of this
What a lovely people.

>letting your customers choose a password

They could, but they shouldn't, as it severely eases brute-force attacks of any kind.

Could someone explain why they do this? I mean, if you have a password, hash it, salt it, and then pepper it, doesn't the original password not even matter anymore? It would only be convenient for the user, and at the same time it wouldn't even be brute forcible since it was hashed. Dictionary attacks wouldn't matter since it was peppered. So what
s the point of having minimum requirements in your password?

To prevent retards from using 123 as password.

>it wouldn't even be brute forcible since it was hashed
But an attacker can still guess all short passwords in a brute force attack pretty easily and find your password almost instantly.
It's better to force retards to not be retarded anyway.

>your password must be exactly 8 characters long

>We Get Subsidized by Password Crackers, The Website

>password cannot contain unicode characters
>force change the password after registration to include exactly one unicode character
ABSOLUTELY UNBREAKABLE

Plaintext passwords are fine. If you get them, you already own the system so you don't need to get in. And of course they are unique so you can't leverage them to login anywhere else...

Why should a business spend extra effort to save customers from themselves? Keep a blacklist of common passwords and anything else is fine.

>create new password, it's 16 characters long
>"your password must be 3-12 characters long"
fuck you

>choose your password now even though we still need to verify your email which can revoke any password at that moment
>this allows you to be MITM because we didnt update our certs on the sign up page

>only the first 8 characters of your password are taken into account
A popular FTP app for android has been doing this for YEARS already.

Anyway, does anyone have that password requirement joke from MIT or something?

Cute Satania, dude.

>password must be lower than x

>password must contain x

>internet banking password must contain exactly 8 characters, numbers and letters only

>Your password must contain numbers and special characters

>Your password cannot contain these characters

>your password cannot contain spaces

Well it is a password not a passphrase :^)

>password must not contain certain characters
There is NO legitimate reason to restrict the type of characters used in a password. I should be able to use any character I want. Punctuation, spaces, emoji, a fucking null byte...

Password must contain at least five utf-1024 characters, be more than 50 characters long, and must have only one single ascii letter

Last I checked Paypal truncates any passwords longer than 20 characters as well.

>government website
>emailed in plain text
Which government? Send them the NIST guidelines:

pages.nist.gov/800-63-3/sp800-63b.html#sec5