Shaming sites with dumb password rules

This GitHub repo is an interesting collection of sites that are doing password login wrong :tm:. Interesting read for some righteous anger :wink:

Imagine if someone solved it for them so that they don’t have to do it right :thinking:

1 Like

I found this one on Friday. So much going on here.

  • A valid password is at least 5 characters but you my friend must provide at least 10 characters
  • Must include a special character, except the wrong ones. What is wrong with a “£”
  • They only tell you about these impossible to guess rules after you try entering a password once.
2 Likes

Wow! And yeah — the whole: how was I meant to know that before I started?

1 Like

These train websites are always such a pain.

Absolutely amazing work there SWR.

1 Like

Creating a new email account at IONOS today and you have to input a password naturally so they provide instructions on what’s acceptable as a password and a colour bar to tell you what ‘strength’ your password is. The notes say you shouldn’t use your first name or date of birth but you have to expand to read them. This password passes the security check anyway even though it’s clearly incredibly insecure. I guess it was too hard to develop in a check to attempt to recognise when the users’ first name or their D.O.B is being used.

1 Like