This is a rant about dumb password policies enforced by some websites or apps. If you see these password rules forced to you, try to stay away if possible.

Can’t use special characters, or use a pre-defined special characters only

Are you storing the password in plaintext that your database will break when have special characters?

Password can’t be longer than X characters

Most probably storing the password in plaintext and their database column is limited to those characters limit.

Password expire every X months, without notice, suddenly can’t login. Reset it and can’t use the last 5 passwords

They store your previous passwords, either encrypted or plaintext.

  • @[email protected]English
    711 months ago

    They don’t need to store previous passwords to prevent reuse, they just need to store the hashes. This is safe.

    • @techconsulnerdOPEnglish
      311 months ago

      You wouldn’t know if they hash it or not.

      • @[email protected]English
        911 months ago

        You don’t know if they hash your current password either. Storing the last X passwords is not any reason to infer that they are plain text.

        Chances are very good that they’ll hash previous passwords if they hash the current one.