Password Requirements Shaming

What do you mean your password field has a max length?! I'm sorry, you want me to NOT use any special characters? (apparently i mention how low the bar is pretty frequently.)

Westpac Bank

A password requires:

  • 6 characters, including at least 1 number and 1 letter
  • no more than 2 repeating or consecutive characters
  • no blanks, spaces, or special characters

We recommend your password does not include your birth date, name, or other obvious information

(an update from a previous post)

Westpac recently got rid of its 5-character max limit. Finally I thought, someone who knows about password security has been in their ear. But no. The new password limit is a whopping 6 characters long, all alphanumeric, no spaces. Failing hard, then failing hard again, that’s the way they do security at Westpac.

editor’s note: recommend? like, I wouldn’t be able to use a $ but could use my DOB?

Lufthansa

  • ❌ minimum of 8 character(s)
  • ✅ minimum of 1 lowercase letter(s)
  • ✅ minimum of 1 uppercase letter(s)
  • ✅ minimum of 1 number(s)
  • ✅ minimum of 1 special character (s) !”$%&()*+,-./:;#<>?_@\
  • ✅ does not match the Username
  • ℹ︎ Not used before, not easy to guess

No idea what the maximum password length is. This one was as long as 1Password makes them, which is somehow… less than 8 characters?

smartview

(image shows a 64-character randomly generated password with a strength indication of “very weak 0%”)

  • The password must contain characters from at least 3 of the following 4 categories:
    • English uppercase characters (A - Z)
    • English lowercase characters (a - z)
    • Base 10 digits (0 - 9)
    • Non-alphanumeric (for example: !, $, #, or %)
  • The password cannot be the same as the username
  • The password must have a minimum of 8 characters

Online “collaboration portal” for real estate transactions. After attempting several 64-character passwords which exceeded some undocumented maximum password length, I tried a 35-character one, which was accepted. No clue what the actual max length is.

Smithsonian Earth TV

Password (min 8 characters):

Please enter a value between 8 and 15 characters long

Please enter a value between 8 and 15 characters long?!

Westpac Bank

  • 👁 A password requires:
  • 👁
    • 6 characters, including at least 1 number and 1 letter
    • no more than 2 repeating or consecutive characters
    • no blanks, spaces, or special characters
  • 👁 We recommend your password does not include your birth date, name, or other obvious information

Westpac Bank recently got rid of its 5-character max limit. Finally I thought, someone who knows about password security has been in their ear. But no. The new password limit is a whopping 6 characters long, all alphanumeric, no spaces. Failing hard, then failing hard again, that’s the way they do security at Westpac.

editor’s note: as genuinely terrible as these password constraints are, this is actually an improvement over a previous Westpac submission, the one with the on-screen keyboard.
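
How much the composition rules in the two Westpac posts above cost can be counted exactly. The following is an added example, not part of the original posts or of any Westpac code; it assumes the password is exactly 6 case-sensitive characters from A-Z, a-z, 0-9 and reads "consecutive" as an ascending run such as abc or 123.

```python
import math
import string
from collections import defaultdict

# Assumption: case-sensitive alphanumerics are the whole permitted alphabet.
ALNUM = string.ascii_letters + string.digits


def is_allowed(pw):
    """Apply the rules as transcribed to one candidate (interpretation assumed)."""
    if not (any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw)):
        return False  # needs at least 1 number and 1 letter
    for a, b, c in zip(pw, pw[1:], pw[2:]):
        if a == b == c:
            return False  # more than 2 repeating characters
        if ord(b) - ord(a) == 1 and ord(c) - ord(b) == 1:
            return False  # more than 2 consecutive characters, e.g. "abc"
    return True


def count_allowed(length, alphabet=ALNUM):
    """Count policy-compliant passwords of a given length without enumerating them."""
    # State: (last char, repeat run, ascending run, has digit, has letter) -> count
    states = {(c, 1, 1, c.isdigit(), c.isalpha()): 1 for c in alphabet}
    for _ in range(length - 1):
        nxt = defaultdict(int)
        for (last, rep, seq, has_d, has_l), n in states.items():
            for c in alphabet:
                r = rep + 1 if c == last else 1
                s = seq + 1 if ord(c) - ord(last) == 1 else 1
                if r > 2 or s > 2:
                    continue  # a run of 3 breaks the policy
                nxt[(c, r, s, has_d or c.isdigit(), has_l or c.isalpha())] += n
        states = nxt
    return sum(n for (_, _, _, d, l), n in states.items() if d and l)


def report():
    """Return (allowed count, bits allowed, bits unconstrained, bits for 64 random chars)."""
    allowed = count_allowed(6)
    return (allowed, math.log2(allowed), 6 * math.log2(62), 64 * math.log2(62))


if __name__ == "__main__":
    allowed, bits, bits_free, bits_64 = report()
    print(f"policy-compliant 6-char passwords: {allowed:,} ({bits:.1f} bits)")
    print(f"any 6 alphanumeric characters:     {62**6:,} ({bits_free:.1f} bits)")
    print(f"64 random alphanumeric characters: {bits_64:.0f} bits")
```

Every rule beyond the length only removes candidates, so the compliant count is always below 62^6.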

TransitChek®

  • Must be at least 12 characters in length
  • Must include at least 1 number
  • Must include at least 1 special character
  • Must include at least 1 upper and 1 lower case letter
  • Must be different from the previous 10 passwords

I know you don’t want random hackers to get a hold of how much money you spend on subway fare, but this seems like overkill.

editor’s note: idk I can support a desire for strong password culture everywhere. I’m just not convinced these rules are in any way useful or productive to that end.

EWealthManager

8-character minimum. A valid Password must begin and end with a letter, include at least one lower case letter, and two imbedded numbers. Must not contain the username. May contain up to 5 special characters.

editor’s note: far be it for me to judge spelling errors generally. some people aren’t great at spelling, some people have only heard and never seen a word spelled out, whatever, don’t care. i would expect, however, that the password micro copy gets a quick spell-check before shipping. that’s not how “embedded” is spelled. that’s not even really what “embedded” means? also it is unclear how any of these rules, save the minimum, improve security.

Sun Life Financial

  • ⬜️ 8 to 10 characters
  • ⬜️ 1 number (minimum)
  • ⬜️ 1 letter (minimum)
  • ✔ No spaces
  • ✔ No special characters
  • ⬜️ Passwords match

No special characters?! Seriously?!

Google Store Financing - Synchrony

❗️ Please follow the rules below for new passwords. The following special characters are permitted: !#$*+.:;=?@^_|~,

Minimum of 7 characters, have upper case and lower case letters, and at least 2 numbers, special characters permitted, spaces are not permitted.

(the markup for the input includes onpaste="return false")

I was surprised to see these bizarre password requirements on a Google-branded page, and knew I had to submit it here.

The Google store financing services by synchrony bank not only restrict an inexplicable selection of special characters, but also prevent pasting in their registration form. You cannot even generate a password outside of the browser to paste in.

I guess the Google security team can only do so much when partnering with third parties!

ABSA Bank

Password rules:

  • The password is alphanumeric (Comprises both letters and numbers), for example: Coffee2
  • The new password should be 8 to 12 characters.
  • The Password must be case sensitive. For example: Coffee
  • No special characters or spacing is allowed */?-%$#@!<>.^()
  • Choose a Password that is easy to remember, but that nobody else is likely to guess.
  • Your own name or sequences will not be allowed, for example John1234

ABSA bank online banking registration form

editor’s note: “easy to remember” actually has real potential here. “secure” does not.