This is a rant about dumb password policies enforced by some websites or apps. If you see these password rules forced to you, try to stay away if possible.
Can’t use special characters, or use a pre-defined special characters only
Are you storing the password in plaintext that your database will break when have special characters?
Password can’t be longer than X characters
Most probably storing the password in plaintext and their database column is limited to those characters limit.
Password expire every X months, without notice, suddenly can’t login. Reset it and can’t use the last 5 passwords
They store your previous passwords, either encrypted or plaintext.
Places like Flickr can go fuck themselves because they want 12-character password limits. 12! Some people can barely even remember a 6 string password much less one that’s 12.
Why 12? “SECURITY!” they’d spam. I’ve found it more secure to have a mix of special characters, lowercase/uppercase and numbers than the longer string of a password. Just means you’re going to increase the volume of people having to reset their passwords now and then because you required them to make it 12 characters long.
I don’t understand why people would like 12 characters…
https://m.xkcd.com/936/