Suggest me a password

Recently this post making rounds on some of the dev community groups which I’m a part of on Facebook.

These are the rules of a banking website when we are to create a new account or change our passwords. And this is the most weirdest set of password rules that I have ever seen, and this is not a photoshopped image, but 100% real.

Password rules for the BOC website

It’s ironic that no matter how good the password is the only thing that separates an attacker from making a bad transaction is just a phishing page, because the bank does not use two factor authentication.

Even though the password policy does suggest that your password should be at least 8 characters long, other rules such as inability to special characters make the password weak not strong.

As a developer, I can’t understand the reason for putting this list of rules for a password because a database should be able to hold a hashed password.

So go ahead and suggest me a password