Post

@0xabad1dea the most annoying I've dealt with was Your Password Must Stand Up To Several Minutes of John The Ripper

@0xabad1dea
"Error: your password must be unique. Please choose a password not already in use"

@0xabad1dea https://youtu.be/x9LIqdUV09M

@0xabad1dea doubly hateful when your password manager has just saved the new invalid password and you're cheap so there's no history to go back to get the still valid one

@0xabad1dea I had one site that rejected all the passwords generated by my password manager. I eventually tried "Password123" (without quotes) which was accepted.

@0xabad1dea
+ Your password must embody all three corporate values.
+ Your password must increase revenue over last year by at least 3.5% .
+ Your password must comply with both US and EU privacy laws.
+ Your password cannot rhyme with "orange".
+ Your password must be a riddle that has two distinct solutions.
+ If I roll a 1 on this d20, you have to choose a different password anyway.

@0xabad1dea try this pass

Y3Ll0wM@NL0V3SA1D@t@C3nter$

@0xabad1dea also a fan of the combination of "must contain special characters" and "no, not that one!" without saying which.

@0xabad1dea

oof, feeling this pain acutely since I just played exactly this game the other day.

Me: Why yes, my new password has 20 characters, a mix of upper, lower, digits, and punctuation, and isn't one of the last 5 I've used.

Windows: No

Me: why?

Windows: 🙊

@0xabad1dea Been there. Whaddya want? Do I need a special character?

@0xabad1dea Agh! The stupid! It burns!

@0xabad1dea

Password(month)(year)!

PasswordMay2026!

Yeahhhh, that works mostly everywhere, easily updates, and is a totes terrible password.

But most orgs cant even be arsed to follow NIST's 2017 password directive, let alone 2025's.

@0xabad1dea

Organisation policy: All passwords must be "different".

@0xabad1dea you should only store your password policy as a salted hash

@0xabad1dea When I see this, all I think is "Grumble, grumble".