[lmm]

Not convinced these are the dumbest (none of them is quite as dumb as requiring special characters in passwords, for example, and I'm not sure the fourth is dumb at all), or that they're six ideas. The first two are the same, and the third one is a special case of the same thing.

[geoduck14]

Yeah, and they didn't mention "storing your passwords in plain text"

[scotty79]

And 'security through obscurity'.

[rippercushions]

I've been looking for a new bank in the last week. Actual password practices I have encountered in 2023:

* ME Bank: Password must be between 6 and 20 chars long and consist entirely of numbers

* Westpac: Password must be exactly six (6) characters long, letters and numbers only

[durnygbur]

ING bank in Germany: we will implicitly trim your password to 10 characters.

Various SAP-based systems: special character in password is required... but not THIS special character, different one.

[tibanne]

Stronk.

[mixmastamyk]

What’s the deal with special chars? A site made me use one today.

[bombolo]

Special but not special, don't you dare use a non ASCII character or the whole backend explodes.

[durnygbur]

Non ASCII special character?! Most systems which demand special character don't even allow all ASCII special characters...