cannot be one of the last 10 passwords you used
cannot be any password you have used in the last 15 years
must contain all of the following characters 𐌐𐌔ቹ𐌕ፕ𐌀 𐌔ፕክ𐌄
can only consist of lowercase letters
must contain at least nine numbers that sum to be no more than 11 and no less than 9
numbers cannot repeat
must contain one uppercase letter
must end with '.jpg'
first four characters hex values must be the same summed value as the last nine characters
signal each character with the tone of a virgin bell towards the heavens

[–] squirrel@piefed.kobel.fyi 20 points 1 day ago (2 children)

Obligatory mention: https://neal.fun/password-game

[–] cron@feddit.org 6 points 1 day ago

Thanks for mentioning it. I never finished it though

[–] PabloSexcrowbar@piefed.social 2 points 1 day ago

I tapped out at rule 16 because I suck at chess.

[–] OpenStars@piefed.social 18 points 1 day ago (2 children)

Correct horse battery staple.

Of course there's an xkcd for that:-)

[–] mrsemi@lemmy.world 21 points 1 day ago (3 children)

I just recently had to make a password for some website.

The requirements were to use at least one capital letter, at least one number, and EXACTLY ONE of a short list of special characters in your password. It also could be no longer than 10 characters.

Major wtf moment.

[–] luciferofastora@feddit.org 2 points 1 day ago

FixUrSh1t!

When the plaintext-stored password inevitably get leaked at some point, I hope whoever actually reads through that list gets a laugh out of it.

[–] mangaskahn@lemmy.world 3 points 1 day ago (1 children)

It was a financial site wasn't it. They're the worst for not updating security guidelines.

[–] JayGray91@piefed.social 6 points 1 day ago* (last edited 1 day ago)

There are various reasons I hate the banks I use. One of the top reason is this ancient obsolete password rule.

The biggest reason to hate my banks is they're forcing to use their android app and policing how I can use my phone by refusing to run if I have accessibility service on, and developers options enabled.

I just keep updating my reviews as they are anti disabled people[1].

[1]~~Please correct me on the proper term because I'm ESL and I forgot.~~

[–] surewhynotlem@lemmy.world 1 points 1 day ago

That's means they're storing your password directly in a database somewhere. Not even hashing it. Super lazy coding.

[–] cron@feddit.org 5 points 1 day ago (1 children)

I've used this website in the past to generate passwords. It is based on this xkcd comic.

[–] OpenStars@piefed.social 8 points 1 day ago (1 children)

Most FOSS password managers will also do it, like KeePass.

[–] cron@feddit.org 3 points 1 day ago (1 children)

I don't use KeePass anymore, but from this screenshot and the documentation I believe that it does not generate passphrases as defined by this xkcd comic.

[–] DasFaultier@sh.itjust.works 4 points 1 day ago (1 children)

I've configured this for KeePassXC iirc, but you're right, the default config does not generate XKCD passwords. Just saying it's not impossible.

[–] JayGray91@piefed.social 3 points 1 day ago

Bitwarden does this out of the box.

Just adding if someone reading wants to use passphrase generation that's built in.

[–] henfredemars@infosec.pub 11 points 1 day ago (1 children)

Bi-weekly password change policy is the bane of my existence.

[–] axexrx@lemmy.world 2 points 1 day ago

My favorite was a biweekly password change, on the payroll portal that was also biweekly.

[–] CeeBee_Eh@lemmy.world 6 points 1 day ago (1 children)

"The sum if all digits must be 9"

[–] cron@feddit.org 5 points 1 day ago (1 children)

Thanks for pointing out the typo. I made you the co-author to thank you for your significant contribution.

[–] CeeBee_Eh@lemmy.world 2 points 1 day ago

🎉🎉🎉