18

I'm glad I don't even have to register an account @SAP...

Comments
  • 2
    Instead of doing this, why don't they just generate a random password for the user to make things easier lol. At the end of the day the password would be hard to remember
  • 4
    It's like they have laid out a blueprint for making a rainbow table.
  • 2
    All those rules sure reduce the problem space for brute-forcing that password.
  • 0
    How do you know the past 5 passwords, website, huh HUH?!?
  • 2
    @nblackburn I'm assuming they save hashes of the passwords...

    On the other hand, every single security course teaches us the same thing... "Humans are your biggest security risk". While using a complex password like that might make a brute force attack less likely, it will increase the likelihood of the user writing their password down on a sticky note on their desk or, even worse, in a text file on their desktop. This is why multi-factor authentication should be a higher priority than complex passwords.
  • 0
    @treeroot I didn't think many people would get the rainbow table reference. Good to know people know this thing.
  • 0
    Yet another huge org with no concept of what users are or how they operate. When will they start to get that the more complex they make password requirements, the more insecure they make things because the more users will take insecure alternative steps to actually remember their password.
  • 0
    This can't be real, why would they limit it to exactly 8 characters? It's been a while since I looked into brute force attacks but I feel like GPUs should be getting close to that.
  • 0
    @Condor I know that, but fear they don't, as storing previous passwords carries a risk, hashed or not.