Readit NewsI'd like to submit all the sites that disable copy/paste on their password entry, especially if they have stringent password content policy.
My randomly generated 10 word passphrase is more secure than your password policy, but I don't want to type it in by hand, you donkey.
The splash page would make more sense if it had some brief description of why sites end up there--and maybe some guidance of making decent password rules.
Seems like it would be nice to have the actual set of rules next to each example, and to be able to page through the examples.
I also find having to page through the home page a little odd.
> Coil
> Does not allow simple characters and sequences such as '4587' or 'efgh' in password & necessarily requires numeric values.
or Apple’s requirement that you cannot have more than 3 consecutive characters, seem reasonable to me. Certainly these rules ban perfectly fine passwords, but they’re a lot better than something like “must be between 8 and 16 characters and contain one uppercase, lowercase, number, and special character, but not these special characters, and it also cannot have an edit distance of 3 from your user ID”
It seems like most of you are as enraged as I am about some of these password rules. They just flat out make me mad.
It's not much, but I've actually had one company reach out to me after making it on the list and they made their password rules less dumb.
So, if you find any particularly egregious offenders, do your part and submit a PR. It may actually make a difference.
One of the dumbest I've seen is when the username has password-like requirements, like insisting capital letters and numbers.
I'll continue to try though and am evaluate ways that the site can actually help companies update their rules.