Recently this post has been making the rounds in some of the dev community groups that I’m a part of on Facebook.
These are the rules of a banking website that apply when we create a new account or change our passwords. This is the weirdest set of password rules that I have ever seen, and it is not a photoshopped image, but 100% real.
It’s ironic that no matter how good the password is, the only thing that separates an attacker from making a bad transaction is a phishing page, because the bank does not use two-factor authentication.
Even though the password policy does suggest that your password should be at least 8 characters long, other rules, such as the inability to use special characters, make the password weaker, not stronger.
As a developer, I can’t understand the reason for putting this list of rules for a password because a database should be able to hold a hashed password.
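The point about hashed storage, shown as an added example (not code from the bank or from the original post): whatever characters a password contains, the stored record has the same length and only hex digits. PBKDF2-HMAC-SHA256 from Python's standard library, the work factor, the function names and the record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumption: PBKDF2 work factor; tune for your hardware
SALT_LEN = 16         # bytes of random salt per password
KEY_LEN = 32          # bytes of derived hash


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Normalize so the same visible password typed on different devices
    # encodes to the same bytes, then hash its UTF-8 encoding.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, iterations, dklen=KEY_LEN)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_LEN)
    digest = _derive(password, salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    digest = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


# Constructed sample passwords: plain, special characters,
# SQL-looking text, and a long Unicode passphrase.
SAMPLES = [
    "abc12345",
    "p@$$w0rd!<>&'\"",
    "'; DROP TABLE users;--",
    "пароль-密码-🔑" * 20,
]

if __name__ == "__main__":
    for pw in SAMPLES:
        rec = hash_password(pw)
        # Password length varies; record length does not.
        print(len(pw), len(rec), verify_password(pw, rec))
```

Only the record string reaches the database, so the column needs a fixed width and never sees the user's characters.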
So go ahead and suggest a password for me.