The worst I have seen recently is one with an eight character limit and support for only four specific special characters. I didn’t test if it was cap sensitive but it wouldn’t shock me if it was not. It is the invoicing portal for one of my clients. I wish that was the only technical atrocity committed by that abomination…it is not.
My bank used to require internet banking passwords to be exactly 6 alphanumeric characters. Turned out that the reason for that was that they used the same password for internet and phone banking, and by implication the passwords were actually just 6 numbers.
The worst I have seen recently is one with an eight character limit and support for only four specific special characters. I didn’t test if it was cap sensitive but it wouldn’t shock me if it was not. It is the invoicing portal for one of my clients. I wish that was the only technical atrocity committed by that abomination…it is not.
My bank used to require internet banking passwords to be exactly 6 alphanumeric characters. Turned out that the reason for that was that they used the same password for internet and phone banking, and by implication the passwords were actually just 6 numbers.
This was in the 2010s, mind you.
My work only recently did away with the requirement for passwords to be exactly 8 characters. This was due to the use of legacy mainframes afaik.