by 8_hours_ago 4415 days ago
I was also curious about this and decided to test it. I created a new account with the password "badpassbadpass" (minimum password length of 8!), but I was unable to log in with "abesassabesass". There was also no error when I tried to put a 'q' and a 'z' in my password, so I'm guessing that they've updated their system since the documentation was written.
2 comments

I just tried it with 'abcabcabc' as my password. It claims passwords are case sensitive, but both 'abcabcabc' and 'ABCABCABC' work and any variation ('ABCabcaBc' works). Variations based on a phone pad don't seem to work. '123123123' or 'bacbacbac' don't work. I also tried only changing one letter.

>Must contain one letter and one number

Also not true.

>Cannot contain three repeating character

Also not true. I changed my password to 'qqq123123' and could log in just fine. Something like 'zzz123123' does not work.

I put way too much effort into this.

So for all those saying that we should just "trust the engineers know what they're doing", this is a pretty damning refutation as far as I'm concerned.
It's possible they store both the original password, for use on the web, and the numeric version, for phones.
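
An added example, not part of the thread and not the site's code: it checks the login results reported in the comments above against three candidate password-normalization policies (exact match, case folding, phone-keypad digits) and estimates what each policy leaves of the keyspace at the 8-character minimum. The keypad map is the standard ITU E.161 layout; the policy names and the alphanumeric-only alphabet sizes are assumptions.

```python
import math

# Letter groups of the standard ITU E.161 telephone keypad.
KEYPAD = {"abc": "2", "def": "3", "ghi": "4", "jkl": "5",
          "mno": "6", "pqrs": "7", "tuv": "8", "wxyz": "9"}
DIGIT = {ch: d for letters, d in KEYPAD.items() for ch in letters}

def exact(pw):
    return pw

def casefold(pw):
    return pw.lower()

def keypad(pw):
    # Letters collapse to their keypad digit; digits and symbols pass through.
    return "".join(DIGIT.get(ch, ch) for ch in pw.lower())

# Hypothetical policy names for the three candidates being compared.
NORMALIZERS = {"exact": exact, "casefold": casefold, "keypad": keypad}

# (enrolled password, attempted password, login accepted?) as reported above.
OBSERVATIONS = [
    ("badpassbadpass", "abesassabesass", False),
    ("abcabcabc", "ABCABCABC", True),
    ("abcabcabc", "ABCabcaBc", True),
    ("abcabcabc", "bacbacbac", False),
    ("abcabcabc", "123123123", False),
    ("qqq123123", "zzz123123", False),
]

def consistent_policies(observations):
    """Names of policies whose accept/reject prediction matches every report."""
    return [name for name, norm in NORMALIZERS.items()
            if all((norm(enrolled) == norm(attempt)) == accepted
                   for enrolled, attempt, accepted in observations)]

def keyspace_bits(alphabet_size, length=8):
    """Upper bound on entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print("consistent with reports:", consistent_policies(OBSERVATIONS))
    # Assumed alphabets: 62 = a-z, A-Z, 0-9; 36 = case folded; 10 = keypad digits.
    for label, size in (("exact", 62), ("casefold", 36), ("keypad", 10)):
        print(f"{label:9s} {keyspace_bits(size):5.1f} bits at length 8")
```

Only case folding matches all six reports: exact matching contradicts the accepted upper-case variants, and keypad mapping would have accepted 'abesassabesass' and 'bacbacbac', which the commenters say were rejected.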