"Dumb Password Rules" collects sites with ridiculous password rules such as "Do not include words in the dictionary" and "Set a new password every 120 days"



When setting a password for a device or web service account, it is common to take measures such as "making it longer" and "not using simple numbers or words" to prevent unauthorized access. However, many people will have run into an error message such as 'Please add one or more uppercase letters' when setting a password. Engineer duffn has collected websites that impose complicated password rules in 'Dumb Password Rules'.

Dumb Password Rules
https://dumbpasswordrules.com/

Mr. duffn explained why he created Dumb Password Rules: "I get very frustrated when I encounter complex password rules. I wanted to let everyone know how stupid these password rules are." According to Mr. duffn, examples of 'stupid passwords' are rules such as 'more than ○ characters, maximum ○ characters' and '○○ cannot be used'.

This is the top page of Dumb Password Rules. You can display a list of 295 sites by clicking 'View sites'.



A list of websites that set complicated rules looks like this.



As an example, Apple's rules for setting passwords stipulate 'Do not include more than 3 consecutive identical characters such as "aaa"' and '32 characters or less'. If you set a password that is too long, the message "Passwords cannot have more than 32 characters."



The password rules of the major furniture retailer IKEA are '8 characters or more', 'must include at least one uppercase letter and a number or special symbol (!@#$%^&*)', and 'the same character must not appear two or more times in a row'. Mr. duffn points out about this password rule, "If your name contains two or more of the same characters in succession, you cannot set your name as a password."



The rules of Earthdata, a satellite database managed by the National Aeronautics and Space Administration (NASA), are complicated. For the user name, the rules "4 or more characters, up to 30 characters", "numbers, periods (.), and underscores (_)", 'Do not include spaces', 'Do not include periods or underscores at the beginning and end of the user name', and 'Periods and underscores must not be consecutive' are set. Also, the password must contain at least 8 characters, at least one uppercase letter, at least one lowercase letter, and at least one number.



The British Post Office does not allow copy and paste when logging in, so users cannot paste a password from a password manager or similar tool into the text box. Mr. duffn criticizes this mechanism: "I can't think that the password will be weak even if you allow copy and paste of the password."



The rules for setting passwords at 'Zurich Insurance', the insurance group headquartered in Switzerland, are 'length is 8 characters', 'only alphanumeric characters', 'the first character must be an English letter', and 'blanks cannot be used'. It is also stipulated that a new password must not match the past 32 passwords used on the site and must not match the user name.



In Battle.net, an online game service provided by game software developer Blizzard, the rules are '8 to 16 characters', 'must include one or more numbers and English letters', 'special characters cannot be used', and 'a password that is the same as or similar to the user name cannot be used'. Also, because it is not case sensitive, duffn says, 'It's like a password rule 20 years ago.'



The rules of the United States Copyright Office are lengthy: "Passwords cannot include the names of spouses, children, or pets", "Cannot include the names of sports teams or athletes", "Cannot include social security numbers", and "Cannot contain words found in a dictionary".



The rules of the University of Windsor include the provision that 'passwords must be updated every 120 days and old passwords cannot be used again when registering a new password'.



The password of the French bank 'La Banque postale' is a 6-digit number, and you need to set it by selecting the numbers on a keypad displayed below the input field.



Another French bank, 'Bank LCL', also requires the 6-digit password to be entered on a displayed keypad when setting it.



ING Romania's Internet banking password must be a 5-digit number, which is relatively easy to crack. According to duffn, ING Romania used to use ordinary passwords, but then switched to a five-digit numeric password. In addition, users are required to register for two-factor authentication, and the risk of password leakage is said to be low.
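The rules described above for IKEA, Zurich Insurance, Battle.net and the numeric bank passwords, modelled as an added Python example (not code from Dumb Password Rules or from any of the sites). The sample passwords are constructed, and the rules about user names and password history are left out as a simplifying assumption.

```python
import math
import re

# Each check mirrors the rules as the article words them; a simplified
# model (assumption), not any site's real validation code.
def ikea_ok(pw):
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9!@#$%^&*]", pw) is not None
            and re.search(r"(.)\1", pw) is None)   # no doubled character

def zurich_ok(pw):
    # Exactly 8 alphanumeric characters, the first one a letter, no blanks.
    return re.fullmatch(r"[A-Za-z][A-Za-z0-9]{7}", pw) is not None

def battlenet_ok(pw):
    # 8 to 16 alphanumerics with at least one digit and one letter.
    return (re.fullmatch(r"[A-Za-z0-9]{8,16}", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[A-Za-z]", pw) is not None)

def keyspace_bits(count):
    """log2 of how many passwords a policy admits (ceiling on entropy)."""
    return math.log2(count)

# Number of strings each policy can ever accept.
KEYSPACE = {
    "ING Romania (5 digits)": 10 ** 5,
    "La Banque postale (6 digits)": 10 ** 6,
    "Zurich (8 alnum, letter first)": 52 * 62 ** 7,
    # Not case sensitive, so only 26 letters + 10 digits are distinct.
    # Upper bound: ignores the "one number and one letter" requirement.
    "Battle.net (8-16, case-insensitive)": sum(36 ** n for n in range(8, 17)),
}

# Constructed sample passwords, not taken from any real account.
GENERATED = "tF7#qL2v!Zx9@Rm4&Kc8"   # password-manager style, 20 characters
WEAK = "Pasword1"                    # misspelt dictionary word plus a digit
NAME = "Matthew1!"                   # a name with a doubled letter

if __name__ == "__main__":
    checks = [("IKEA", ikea_ok), ("Zurich", zurich_ok), ("Battle.net", battlenet_ok)]
    for site, check in checks:
        print(f"{site:10} generated={check(GENERATED)} weak={check(WEAK)}")
    print("IKEA accepts name with doubled letter:", ikea_ok(NAME))
    for policy, count in KEYSPACE.items():
        print(f"{policy:38} {keyspace_bits(count):5.1f} bits")
```

The weak sample passes all three checks while the generated one is rejected by two of them, and the numeric policies top out below 20 bits however the user chooses.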



Regarding these passwords, Mr. duffn says, 'It is important to set up a place for discussion because there are actually no strict rules about stupid passwords.'

in Review,   Security, Posted by log1r_ut