Wednesday, April 1, 2009

Password Schemes Even Their Mothers Probably Hate

by Smitty

This is not an out-take from The Daily WTF. It really crossed my screen today:
Please enter your old password and a new password in the spaces below using the following password rules:
The password must be at least 14 to 30 characters long.
The new password must differ from the old password by at least 4 characters.
Passwords ARE case sensitive.
Special Characters are allowed in the password with the exception of the single quote ('), double quote ("), and less-than sign (<).
The password must contain at least:
  • 2 uppercase alpha characters [A-Z]
  • 2 lowercase alpha characters [a-z]
  • 2 numeric characters [0-9]
  • 2 special characters [ ~!@#$%^&*()-_+={}[]:;,>/ ]
The password must not:
  • contain spaces
  • contain the single quote ('), double quote ("), or the less-than sign (<)
  • be the same as your user-id

I've also seen one site like this, but the "special characters" (which do NOT include the back-tick `) have to occur early in the password, or it doesn't count. Relative to unemployment, this isn't the worst thing that could happen. Nevertheless, they do make my tourettes syndrome act up.


  1. That's why they pay you the medium bucks, man!

  2. That looks almost exactly like my companies password policy....