Password guidelines...

Just got an online account for an insurance:
Allowed characters for password are a-z, A-Z, 0-9.
Really?
I tried special characters, maybe they just forgot to mention them. Doesn't work, "Password not valid".

Had to create an account with a local carrier and was forced to use up to 7 chars long password which is restricted to alphanumerical only input with at least one uppercase and one number. I guess I was left with very few options. No idea who makes all this nonsense restrictions based on some database “performance” requirements.

The fuck? Really?

I mean, that's really not that bad, if we assume that they allow/require long enough passwords. 15 chars and decent encryption can go a long way against most brute force attacks.

Unfortunately though, bad password requirements are often matched by equally bad security practices...

"OuR hAsH fUnCtIoN dOeS nOt AcCePt SpEcIaL cHaRaCtErS"

I shoved my devrant.com duck in my asshole

I came across a site where the password had to start with a capital letter... Really?

In fact it's not the worst password guideline I encountered. Another insurance company only allows a PIN (numeric), but at least more than 4 digits.

From my experience, banks and insurances have the worst password guidelines.

But by going through all accounts with bad passwords I just found out that my bank account, which used to only allow a PIN in the past now also allows a real password with a lot of special characters.

Online Banking in Germany and you are only allowed to have a Max password length of 5 characters and only numbers and letters