"Set your new password.
Please don't use special characters or symbols"
😳

#$%& *##

@Demolishun Totally invalid. You can't write even a dot .

@cafecortado I was swearing at them.

Plain text password database spotted

Password must be 8-20 characters :)

@SuspiciousBug

Goofy, Tom, Jerry, Daffy, Sleepy, Snow White, Papa Smurf, Kirito

@Demolishun oh you!

Used to be a good sign the password is transmitted over XML somewhere, like an old SOAP web service. Special characters often broke the XML, and made for spectacular vulnerabilities.

The customer support guys were asking me to make it so passwords could be 7 characters long without special characters. Apparently the customers struggle to manage and remember passwords.
I don't even know how fucking dumb you have to be, the browser stores shit for you but not even that is good enough. I gave up and will use social login, not my problem anymore if they can't login.

I actually don't get those stupid policies. A 32 char pure alphanumeric password is already orders of magnitude harder to brute force than 8 chars including specials...

And long passwords can easily be remembered through mnemotechnics...

Oh dear. I use 50 char passwords with lower, upper, numbers and symbols. I get absolutely angry when they don't let me use my password pattern

@Nanos Even worse are the code search features of, for example, Bitbucket. It completely ignores any symbols, even if you quote your search terms.

It ignores symbols. _In a code search._

@devphobe base64 works wonders for those edge cases.

@KryptonTurtle often I generate weaker o passwords just because I had to mess with the settings for some stupid bullshit pattern

What's the min and max limits?

If they're high this could theoretically be a dev who's tried to force the CorrectHorseBatteryStaple-rule onto their users.

If the limits are low you could be dealing with lazy ass devs who used the incorrect DB field type.