California Department of Motor Vehicles - Dumb Password Rules They also prohibit pasting into the password field by using a JavaScript `alert()` whenever you right-click or press the `Ctrl` button, so you can't use a password manager.

This dumb password rule is from California Department of Motor Vehicles.

They also prohibit pasting into the password field by using a JavaScript
`alert()` whenever you right-click or press the `Ctrl` button, so
you can't use a password manager.

https://dumbpasswordrules.com/sites/california-depar

Crédit Agricole Centre-Est - Dumb Password Rules You have to enter your 6-digit password using this Frenchy keypad.

This dumb password rule is from Crédit Agricole Centre-Est.

You have to enter your 6-digit password using this Frenchy keypad.

dumbpasswordrules.com/sites/credit-agricole-ce...

#password #passwords #infosec #cybersecurity #dumbpasswordrules

ICAgile - Dumb Password Rules Observed on November 17, 2020: Password must contain: - 8-15 total characters - At least one lowercase letter - At least one uppercase letter - At least one number - At least one special character (e.g., !#$%^*) They don't seem to have a public registration form. You receive a registration link after completing a course with one of their accredited providers.

This dumb password rule is from ICAgile.

Observed on November 17, 2020:

Password must contain:
- 8-15 total characters
- At least one lowercase letter
- At least one uppercase letter
- At least one number
- At least one special character (e.g., !#$%^*)

They don't seem to have a public registratio

A1 Mobile Serbia - Dumb Password Rules A1 mobile Serbia is a mobile provider in Serbia that imposes poor password rules. Translation: "Length of the password must be between 8 and 20 characters and can only have letters and digits."

This dumb password rule is from A1 Mobile Serbia.

A1 mobile Serbia is a mobile provider in Serbia that imposes poor password rules.

Translation: "Length of the password must be between 8 and 20 characters and can only have letters and digits."

https://dumbpasswordrules.com/sites/a1-mobile-serbia/

HSA Bank - Dumb Password Rules - Must be minimum 12 characters - Must not be one of user's past 5 passwords - Must contain uppercase and lowercase letters - Must contain a number - Must not be the same as user's account number or login/username But also... - Cannot be longer than 20 characters

This dumb password rule is from HSA Bank.

- Must be minimum 12 characters
- Must not be one of user's past 5 passwords
- Must contain uppercase and lowercase letters
- Must contain a number
- Must not be the same as user's account number or login/username

But also...
- Cannot be longer than 20 cha

Nintendo - Dumb Password Rules Password between 8-20 characters, at least two "categories" of characters, and cannot use the same character more than twice in a row. At least it supports MFA.

This dumb password rule is from Nintendo.

Password between 8-20 characters, at least two "categories" of characters, and cannot use the same character more than twice in a row. At least it supports MFA.

https://dumbpasswordrules.com/sites/nintendo/

#password #passwords #infosec #cybersecurity #du

Aruba Cloud - Dumb Password Rules Must be different from the last 3 passwords used. Your password must contain at least an uppercase and lowercase letter and number. Must contain at least one special symbol.

This dumb password rule is from Aruba Cloud.

Must be different from the last 3 passwords used.
Your password must contain at least an uppercase and lowercase letter and number.
Must contain at least one special symbol.

https://dumbpasswordrules.com/sites/aruba-cloud/

#password #passwords #infosec

Paytm - Dumb Password Rules Password must be between 5 and 15 characters. Also, spaces don't count as characters.

This dumb password rule is from Paytm.

Password must be between 5 and 15 characters. Also, spaces don't count
as characters.

https://dumbpasswordrules.com/sites/paytm/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

CenturyLink Residential - Dumb Password Rules Your password is too long. But how long can it be? Oh, we won't tell you.

This dumb password rule is from CenturyLink Residential.

Your password is too long. But how long can it be? Oh, we won't tell you.

dumbpasswordrules.com/sites/centurylink-reside...

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Red Hat - Dumb Password Rules Symbols. You keep using that word. I don't think it means what you think it means.

This dumb password rule is from Red Hat.

Symbols. You keep using that word. I don't think it means what you think
it means.

https://dumbpasswordrules.com/sites/red-hat/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Shell Fuel Rewards - Dumb Password Rules - No less than 8 and no more than 16 characters - Allows only specific special characters: ! @ # $ % - Doesn't bother to tell you what characters are allowed or not. Hope you like reading JS.

This dumb password rule is from Shell Fuel Rewards.

- No less than 8 and no more than 16 characters
- Allows only specific special characters: ! @ # $ %
- Doesn't bother to tell you what characters are allowed or not. Hope you like reading JS.


https://dumbpasswordrules.com/sites/shell-fuel-reward

NASA Earth Data - Dumb Password Rules Username must: - Be a Minimum of 4 characters - Be a Maximum of 30 characters - Use letters, numbers, periods, and underscores - Not contain any blank spaces - Not begin, end or contain two consecutive special characters(._) Password must contain: - Minimum of 8 characters - One Uppercase letter - One Lowercase letter - One Number

This dumb password rule is from NASA Earth Data.

Username must:
- Be a Minimum of 4 characters
- Be a Maximum of 30 characters
- Use letters, numbers, periods, and underscores
- Not contain any blank spaces
- Not begin, end or contain two consecutive special characters(._)

Password must contain:
-

Digital Credit Union (DCU) - Dumb Password Rules Must be between 8 and 40 characters, uppercase and lowercase, one number, one special character... whatever. But special characters are limited to -#$%+?~*!. (and space). WHY?!

This dumb password rule is from Digital Credit Union (DCU).

Must be between 8 and 40 characters, uppercase and lowercase, one number, one special character... whatever. But special characters are limited to -#$%+?~*!. (and space). WHY?!

dumbpasswordrules.com/sites/digital-credit-uni...

Nectar API - Dumb Password Rules The Nectar website allows strong passwords. However, when trying to link my Sainsbury's account, I found the API has different ideas... - Password field length capped to 16 characters

This dumb password rule is from Nectar API.

The Nectar website allows strong passwords.
However, when trying to link my Sainsbury's account, I found the API has different ideas...
- Password field length capped to 16 characters

https://dumbpasswordrules.com/sites/nectar-api/

#password #passwords

Interactive Brokers - Dumb Password Rules Usual dumb password restrictions, but this one has incredibly dumb **username** restrictions too: **Username:** - **Length of 8 or 9 letters and numbers** - **Contain at least 3 letters and 3 numbers** - Begin with a letter - Lower case only, no spaces, no special characters **Password:** - Cannot match username - Length of 8 to 40 characters - Contain at least 1 letter - Contain at least 1 number - Case sensitive, **no spaces, no special characters**

This dumb password rule is from Interactive Brokers.

Usual dumb password restrictions, but this one has incredibly dumb **username**
restrictions too:

**Username:**
- **Length of 8 or 9 letters and numbers**
- **Contain at least 3 letters and 3 numbers**
- Begin with a letter
- Lower case only, no

Vio Bank - Dumb Password Rules The password requirement is not even fully enumerated. Upon inspection of the source code, the following lines were found, hidden by javascript: "Must include at least %MINSPECIAL of the following characters:-.~!@#&_{}|:$%^*()=[];?/+" The actual list of special characters that are prohibited is correctly enumerated there. It's a result of [`a misapplication`](https://cibng.ibanking-services.com/cib/scripts/jquery/custsvc/custSvcChangePassword.js) of the [`variable allowedSpecialCharacters found here`](https://cibng.ibanking-services.com/cib/scripts/jquery/custsvc/fis-visual-validator.js?version=20180507). It took under 5 minutes to find the bug after looking at the source for the first time. This is a bank.

This dumb password rule is from Vio Bank.

The password requirement is not even fully enumerated. Upon inspection of the source code, the following lines were found, hidden by javascript: "Must include at least %MINSPECIAL of the following characters:-.~!@#&_{}|:$%^*()=[];?/+"

The actual list of sp

ANZ Bank - Dumb Password Rules Your password needs to be between 8 and 16 characters long - no special characters allowed.

This dumb password rule is from ANZ Bank.

Your password needs to be between 8 and 16 characters long - no special characters allowed.

https://dumbpasswordrules.com/sites/anz-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

European Union Intellectual Property Office - Dumb Password Rules - The password must be between 8 and 30 characters, containing at least a digit [0-9], a lower case letter [a-z], an upper case letter [A-Z] and one of [!@#$%&*,.] characters

This dumb password rule is from European Union Intellectual Property Office.

- The password must be between 8 and 30 characters, containing at least a digit [0-9], a lower case letter [a-z], an upper case letter [A-Z] and one of [!@#$%&*,.] characters

https://dumbpasswordrules.com/sites/european-u

Domainname.shop - Dumb Password Rules domainname.shop operates under several domains, domene.shop (Norway), domän.shop (Sweeden), domæne.shop (Denmark). The following characters are allowed: A-Z, a-z, 0-9 and + - * / ! ? . , : ; = # @ $ % & ( ) < >, password length 10-79 chars

This dumb password rule is from Domainname.shop.

domainname.shop operates under several domains, domene.shop (Norway), domän.shop (Sweeden), domæne.shop (Denmark).
The following characters are allowed: A-Z, a-z, 0-9 and + - * / ! ? . , : ; = # @ $ % & ( ) < >, password length 10-79 chars

https://d

SONY - Dumb Password Rules - between 8 and 30 characters - at least one number or special character - not part of email address - avoid common passwords - repeating characters 3 or more times should be avoided - currency characters and 3 or more consecutive characters, also in reverse order, should be avoided Somehow &quot;$&quot; is not counted as a currency character, but as a special character. Moreover, as soon as the password contains &quot;€&quot;, &quot;£&quot; or &quot;元&quot; for example, it is regonized as a common password. Hence &quot;76eHnE6OH€OCmv4ZGo30#Oe^@gdw^@&quot; does not fulfill the requirements while &quot;qwerty$$&quot; does.

This dumb password rule is from SONY.

- between 8 and 30 characters
- at least one number or special character
- not part of email address
- avoid common passwords
- repeating characters 3 or more times should be avoided
- currency characters and 3 or more consecutive characters, also in reverse or

MetLife - Dumb Password Rules Max length of 20 characters, no special characters allowed. Pasting into the second password field is disabled even with the Chrome extension Don&#39;t Fuck With Paste.

This dumb password rule is from MetLife.

Max length of 20 characters, no special characters allowed.
Pasting into the second password field is disabled even with
the Chrome extension Don't Fuck With Paste.

https://dumbpasswordrules.com/sites/metlife/

#password #passwords #infosec #cybersecurity #

SAP Cloud Appliance Library - Dumb Password Rules Passwords between 8 and 9 characters are the best.

This dumb password rule is from SAP Cloud Appliance Library.

Passwords between 8 and 9 characters are the best.

dumbpasswordrules.com/sites/sap-cloud-applianc...

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Pam360 - Dumb Password Rules &quot;Enterprise privileged access management has never been easier.&quot; - Must be 8 to 16 characters in length - Must have mixed case alphabets - Must have at least 1 upper and 1 lower case character(s) - Must have at least 1 number(s) - Must have at least 1 special character(s) - Must start with an alphabet - Cannot contain login name - Should not contain repeating characters - Should not contain direct alphabet series - Should not contain direct numeric series - Should not contain adjacent keyboard characters - Should not contain repeated substrings - Should not contain dictionary word

This dumb password rule is from Pam360.

"Enterprise privileged access management has never been easier."

- Must be 8 to 16 characters in length
- Must have mixed case alphabets
- Must have at least 1 upper and 1 lower case character(s)
- Must have at least 1 number(s)
- Must have at leas

La Banque Postale - Dumb Password Rules Password must be 6 digits and entered on custom pad.

This dumb password rule is from La Banque Postale.

Password must be 6 digits and entered on custom pad.

https://dumbpasswordrules.com/sites/la-banque-postale/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Southwest - Dumb Password Rules Password must be between 8 and 16 characters in length and include at least one uppercase letter and one number. Certain special characters are also allowed, but the first character of the password must be alphanumeric.

This dumb password rule is from Southwest.

Password must be between 8 and 16 characters in length and include at least one uppercase letter
and one number. Certain special characters are also allowed, but the first character of the password must be alphanumeric.

https://dumbpasswordrules.com/sites

Williams-Sonoma - Dumb Password Rules 25 maximum characters and disallowing some specials.

This dumb password rule is from Williams-Sonoma.

25 maximum characters and disallowing some specials.

https://dumbpasswordrules.com/sites/williams-sonoma/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Vivo - Dumb Password Rules The password must only contains numbers and the max length is 6.

This dumb password rule is from Vivo.

The password must only contains numbers and the max length is 6.

https://dumbpasswordrules.com/sites/vivo/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

AOK (German Health Insurance) - Dumb Password Rules This is the online customer portal of the German health insurance company AOK. They have an extensive set of rules for both passwords and usernames. The password rules are: - Length between 8 and 14 characters - At least one letter, one number and one special character - Special characters are: !@$%/=?`+@#_.;:{}| - The password must not start with ? or ! - The password must not include the username - The password must not be the same as any of your previous passwords The rules for the username are: - Length between 1 and 12 characters - No umlauts allowed (äöü), no special characters, no spaces, no ., no _, no ß

This dumb password rule is from AOK (German Health Insurance).

This is the online customer portal of the German health insurance company AOK. They have an extensive set of rules for both passwords and usernames.
The password rules are:
- Length between 8 and 14 characters
- At least one letter, one

University of Texas at Austin - Dumb Password Rules Because of the last two rules, which ban dictionary words and any variants using symbol substitutions, *neither* of the passwords presented in the [xkcd comic](https://xkcd.com/936/) are allowed.

This dumb password rule is from University of Texas at Austin.

Because of the last two rules, which ban dictionary words and any
variants using symbol substitutions, *neither* of the passwords
presented in the [xkcd comic](https://xkcd.com/936/ are allowed.

https://dumbpasswordrules.com/sites/uni

AOL - Dumb Password Rules Between 8 and 16, so I can&#39;t go up to 20.

This dumb password rule is from AOL.

Between 8 and 16, so I can't go up to 20.

https://dumbpasswordrules.com/sites/aol/

#password #passwords #infosec #cybersecurity #dumbpasswordrules