[wonderwonder]

My favorite is when they actually limit what special characters you can use. Must include 1 of x special characters. Why? I always just assume they baked their own password storage and couldn't figure out how to handle the whole set of special characters

[jaywalk]

Multiple times I've found that this is caused by a web application firewall that is intended to mitigate SQL injection attacks. So they disallow the characters that would commonly be used in those attacks.

[wonderwonder]

Interesting, I had never considered that