by PhilipRoman 633 days ago
The funniest password requirement I've seen was "must include a special character" but the special character selection was limited to #!$& and of course attackers know this requirement too. Combined with most people putting it at the end, that gives a little over 2 bits of entropy...
2 comments

When I was creating a password for online banking, it required me to include at least one special char - but apparently they didn't consider the dollar sign ($) a valid character...
The good ol’ “Tell me you store passwords as plaintext without telling me you store passwords as plaintext”

The other message I get from sites like this is, “Our developers have no idea how to escape SQL parameters even though this has been standard since the 90s [80s? 70s?!] so we just do "'" + password + "'"”