This is a rant about dumb password policies enforced by some websites or apps. If you see these password rules forced to you, try to stay away if possible.

Can’t use special characters, or use a pre-defined special characters only

Are you storing the password in plaintext that your database will break when have special characters?

Password can’t be longer than X characters

Most probably storing the password in plaintext and their database column is limited to those characters limit.

Password expire every X months, without notice, suddenly can’t login. Reset it and can’t use the last 5 passwords

They store your previous passwords, either encrypted or plaintext.

  • dual_sport_dork 🐧🗡️
    link
    English
    61 year ago

    Well, sure. But in that case it should be the max length of whatever the hash method is. The full 60 characters, and not something dumb like 12.