This is a rant about dumb password policies enforced by some websites or apps. If you see these password rules forced to you, try to stay away if possible.

Can’t use special characters, or use a pre-defined special characters only

Are you storing the password in plaintext that your database will break when have special characters?

Password can’t be longer than X characters

Most probably storing the password in plaintext and their database column is limited to those characters limit.

Password expire every X months, without notice, suddenly can’t login. Reset it and can’t use the last 5 passwords

They store your previous passwords, either encrypted or plaintext.

  • deejay4am@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    1 year ago

    I forgot my password to a local government site once and they emailed me my plaintext password. Wtf.

    • driving_crooner@lemmy.eco.br
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      There was a service in a company I worked for that also send you your password in plain text by email. I reported it to the infosec department and they were like yeah, we know, but the system is not important and we don’t care. Mf don’t know that people reuse their passwords everywhere??

    • techconsulnerdOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Happened to me too. Who’s the dumb government vendor doing these applications?