This dumb password rule is from Bank Leumi (Israel).
- Password consists of 6 to 12 characters
- Password contains only english letters and numbers without spaces.
This dumb password rule is from Scandinavian Airlines.
The password rules itself is fine, but, it doesn't inform about the max length of the password.
Their max length is 14 characters, so even if you enter a password of 42 chars, you can login with the first 14 of it.
In this case, I changed my password to **Super_l0ng_password_that_fits_all_criteri...
@jabbercracky that's me 
And I'm not surprised Tycho won. 
What I've learned from this challenge is that I have much to learn, even though I attack #passwords for more than 10 years now...
This dumb password rule is from State Bank of India (Foreign Travel Card).
State Bank of India is the largest government operated bank in India.
They offer "travel" prepaid cards for foreign currencies, this is for
their portal for the prepaid card users to manage their account.
Your password must:
- Be between 8 and 9 characters long
- Contain at least 1 lowercase c...
https://dumbpasswordrules.com/sites/state-bank-of-india-foreign-travel-card/
This dumb password rule is from Chase Bank.
* Can't use any special characters except ! # $ % + / = @ ~
* Max length restriction (32 characters).
* No runs of identical characters ("aaa") or sequential characters ("abc").
* Password check is case-insensitive
This dumb password rule is from Bendigo Bank.
**Exactly** eight characters.
This dumb password rule is from USAA Bank.
Password cannot be longer than 12 characters but they don't tell you that until after you try a new password. To make up for this fact they've added dubious additional security features on top of this weak foundation.
This dumb password rule is from Sears.
"cAsE sensitive, no spaces, ! or ?
8 characters min - 1 letter, 1 number
Can't repeat same character more than 3 times in a row
Cannot be or contain your username or email address"
This dumb password rule is from Taco Bell.
Password may include special characters, except for #.
This dumb password rule is from University of Texas at Austin.
Because of the last two rules, which ban dictionary words and any
variants using symbol substitutions, *neither* of the passwords
presented in the [xkcd comic](https://xkcd.com/936/) are allowed.
https://dumbpasswordrules.com/sites/university-of-texas-at-austin/
This dumb password rule is from CenturyLink Residential.
Your password is too long. But how long can it be? Oh, we won't tell you.
https://dumbpasswordrules.com/sites/centurylink-residential/
Wow is the Hegseth reused password post for real? And he also had a mail.ru email address where he used the same password as his Gmail, Yahoo, and Princeton email addresses? Wtf
This dumb password rule is from DJI.
The symbol `\` is banned without a notice, it'll probably escape whatever you'll put in, just why...
SnakeKeylogger Targeted Individuals and Businesses to Steal Credentials
A sophisticated credential-stealing malware called “SnakeKeylogger” is
targeted both individuals and organizations with its multi-stage infection
chain and stealthy in-memory execution techniques. This malware’s primary
objective is credentials stored in web browsers, Email client, FTP
application and Wi-Fi passwords from infected system. The malware
specifically target installUtil.exe, a legitimate.NET framework utility,
hollowing out its memory and replacing it with malicious code.
Pulse ID: 67e55cc4af20ad48a7ef994a
Pulse Link: https://otx.alienvault.com/pulse/67e55cc4af20ad48a7ef994a
Pulse Author: cryptocti
Created: 2025-03-27 14:12:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
This dumb password rule is from Dwr Cymru (Welsh Water).
Limits password length to a maximum of 16 characters
Perhaps one good thing will come out of all the anti- #DEI stuff. Services may finally stop requiring the #inclusion of a #diversity of
characters in #passwords.
This dumb password rule is from Cigna.
A max of 12 characters... Can't handle most symbols (only 5 supported). At least they have two factor auth via email or sms **sigh**
This dumb password rule is from PizzaHut.
Passwords must be greater than 6 characters, and have an arbitrary set of rules we don't tell you about until after you try to set your password.
