Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.
Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…
Probably the silliest thing I have run into was some game. It asked you to set two passwords. You needed both to login. The second password couldn’t be changed. This is why it was secure, see. (…What.)
When I created my account and set the second password, I couldn’t log on the second time. Because I had entered a 20 character second password. It was accepted and verified during the account creation just fine. On the second login, it only accepted 16 characters. (It let you enter 20 characters but said it was too long.) Trying to enter first 16 characters of the second password didn’t work, of course.
I then contacted the support, and they did manage to reset the second password anyway. (What is this even)