Let's play a game.
Theme: Security awareness - grey-hat style.

How to play:
Post the name of the site followed by actual bad-password restrictions of well-known companies in the comments.

If no-one beats me to it, I plan to share some of the more alarming ones(or all) on a twitter and tag the relative companies as well as various security enthusiasts.

  • 1

    * Case Sensitive
    * Upper and Lower Case Allowed (not required)
    * Special Characters Allowed

    * 8-20 characters
    * At least 1 Letter and 1 Number Required
    * No Spaces Allowed
    * Cannot be an Easily Guessed Password
  • 1
    Three Austria Customer Zone (3Kundenzone, password reset page located at: https://drei.at/selfcare/...)

    Ist zwischen 6 und 20 Zeichen lang
    Enthält mindestens einen Kleinbuchstaben
    Enthält mindestens einen Großbuchstaben
    Enthält mindestens eine Zahl
    Darf keine Sonderzeichen enthalten.

    - Must contain at least one lowercase letter, one uppercase letter, a number
    - 6 to 20 symbols
    - No special characters

    No, seriously. Fuck this provider.
  • 1
    - No uppercase
    - No spaces
    - Between 8 and 16 characters

    And to top it off, 'forgot password' emails you your username and password in plaintext!
  • 0
    I just noticed that my comment above still contains the requirements in German lmao
Add Comment